Static IP Address Allocation in SCM are missing user groups from CIE.

Static IP Address Allocation in SCM are missing user groups from CIE.

632
Created On 07/24/25 09:12 AM - Last Modified 10/08/25 21:23 PM


Symptom


When enabled, Static IP Address Allocation for Mobile Users—GlobalProtect Deployments in SCM in match criteria "User" drop down usergroups from CIE are not showing all user groups from CIE.

Environment


  • Prisma Access
  • Strata Cloud Manager (SCM)
  • Cloud Identity Engine (CIE)

Cause


This is due to the limitation of the number of user groups per tenant. In this case, the user groups exceeded 5,000.
The following maximum allocations are supported per tenant:

  • 20,000 users.
  • 5,000 user groups with 50,000 users per user group.
  • 10,000 IP address pool profiles.
  • 10,000 IP address pools.

Resolution


  1. A workaround to fix the limitation issue of user groups is to create group filtering that matches a condition.
  2. This will divide the number of user groups to filters and reduce the number to less than 5,000.
  3. Refer to the information below.

Group Filtering 

Group Filtering



Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000fxvmKAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail