In SCM if the group name in the security policy is in Japanese, some group name display will be garbled

In SCM if the group name in the security policy is in Japanese, some group name display will be garbled

297
Created On 06/02/25 06:26 AM - Last Modified 10/24/25 22:29 PM


Symptom


The customer is using Entra ID→ CIE to do group mapping for prisma access.
In CIE customer can see that the group name in Japanese is displayed okay.
However, in SCM if the group name in the security policy is in Japanese, some group name display will be garbled showing as ‘xxxx_____________’.

 

Environment


  •  EntraID, CIE, Prisma Access (SCM)

Cause


For Azure AD (EntraID), CIE uses "mailNickname" to compose group's CN/DN. But "mailNickname" only supports ASCII (https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0). 

Resolution


To resolve this issue, we need to change AAD group attribute mapping. 
First change it to make it like this.

Restore the Name attribute to default.

Finally, it should be like this.

After that, select "Actions" and "Full Sync". This should address this malformed CN/DN issue seen in both CIE and SCM UI. 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000TNHwKAO&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail