* [Blog](https://www.paloaltonetworks.com/blog)
* [Network Security](https://www.paloaltonetworks.com/blog/network-security/)
* [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/)
* Managing User Identity in...

# Managing User Identity in a Cloud-First World

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fuser-identity-in-a-cloud-first-world%2F)  
[](https://twitter.com/share?text=Managing+User+Identity+in+a+Cloud-First+World&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fuser-identity-in-a-cloud-first-world%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fuser-identity-in-a-cloud-first-world%2F&title=Managing+User+Identity+in+a+Cloud-First+World&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/network-security/user-identity-in-a-cloud-first-world/&ts=markdown)  
\[\](mailto:?subject=Managing User Identity in a Cloud-First World)  
Link copied  
By [Neha Kumar](https://www.paloaltonetworks.com/blog/author/neha-kumar/?ts=markdown "Posts by Neha Kumar") and [Samantha Pierre](https://www.paloaltonetworks.com/blog/author/samantha-pierre/?ts=markdown "Posts by Samantha Pierre")  
Jul 13, 2022  
4 minutes  
[Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)  
[Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)  
[Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)  
[Cloud Identity Engine](https://www.paloaltonetworks.com/blog/tag/cloud-identity-engine/?ts=markdown)  
[PAN-OS](https://www.paloaltonetworks.com/blog/tag/pan-os/?ts=markdown)  
[User Identity](https://www.paloaltonetworks.com/blog/tag/user-identity/?ts=markdown)  
[Zero Trust](https://www.paloaltonetworks.com/blog/tag/zero-trust/?ts=markdown)

Since the start of the pandemic, companies have become more determined to enhance operational efficiencies and rapidly move to the cloud. Whether to replace legacy systems or to adopt new digital transformation initiatives, traditional IT solutions are being redeployed in the cloud.

At the same time, the way we interact with people and how we work has drastically changed since 2020. Organizations around the globe have had to establish a new normal, and companies are adopting cloud-based tools and applications that enable employees to stay productive during the pandemic, regardless of where they are located.

Remote working is the new normal and remote users should have secure access to all apps, have a great user experience and enjoy uncompromising performance. To make this a reality, an all-encompassing Zero Trust approach to network security is critical for safeguarding productivity in the new reality of remote, mobile and hybrid work. To achieve Zero Trust, organizations need to be able to easily and consistently secure users across the branch, data center, public clouds, and remote workforce.

### **Traditional Security Tools Fail Zero Trust**

According to a recent ESG report, "Trends in IAM: Cloud-driven Identities," 87% of organizations are migrating to or are already using cloud-based identity sources in addition to their on-prem repositories. However, unifying identity is challenging which makes Zero Trust difficult to achieve. Security teams are struggling to consistently verify users and enforce identity-based security at all times for three primary reasons:

1. User information is distributed between multiple identity providers resulting in increased operational complexity;
2. Authentication with cloud identity providers typically requires a laborious authentication setup, with unique configuration requirements for each security device with every identity provider; and
3. Lack of visibility into user activity and consistent application of identity controls across the network results in gaps that can weaken an organization's security posture.

Existing solutions are designed for a single source of identity, either on-prem or cloud identity stores, leading to inconsistent security across the infrastructure. Moreover, every identity store and any changes by them have to be manually added and managed on the firewalls. Moving from on-prem to cloud or other identity sources can take months or years.

How do you consistently identify your users when the identity is fragmented in so many different identity stores?

Continuing our six-part Tech Deep Dive Miniseries, [Episode 6](https://register.paloaltonetworks.com/nebula-tech-deep-dive-series?utm_medium=blog&utm_source=deep-dive-fourth-episode&utm_campaign=nebula-deep-dives) covers how our newly enhanced Cloud Identity Engine can help security teams simplify Zero Trust with easy-to-deploy user identity and access across all locations.

If you missed our previous episodes, you can check them out now:

Episode 1: [Industry Firsts in Campus and Data Center Security, 3x Faster with ML-Powered NGFW](https://register.paloaltonetworks.com/nebula-tech-deep-dive-series?utm_medium=blog&utm_source=deep-dive-fourth-episode&utm_campaign=nebula-deep-dives)  
Episode 2: [Evolution of IPS to Advanced Threat Prevention](https://register.paloaltonetworks.com/nebula-tech-deep-dive-series?utm_medium=blog&utm_source=deep-dive-fourth-episode&utm_campaign=nebula-deep-dives)  
Episode 3: [Innovations in Web Security to Stop Evasive Threats](https://register.paloaltonetworks.com/nebula-tech-deep-dive-series?utm_medium=blog&utm_source=deep-dive-fourth-episode&utm_campaign=nebula-deep-dives)  
Episode 4: [Smart and Easy IoT Security for Zero Trust](https://register.paloaltonetworks.com/nebula-tech-deep-dive-series?utm_medium=blog&utm_source=deep-dive-fourth-episode&utm_campaign=nebula-deep-dives)  
Episode 5: [What is AIOps, Optimizing Your NGFW in a Snap](https://register.paloaltonetworks.com/nebula-tech-deep-dive-series?utm_medium=blog&utm_source=deep-dive-fourth-episode&utm_campaign=nebula-deep-dives)

### Making Zero Trust a Reality with an Enhanced Cloud Identity Engine

![Learn how our Cloud Identity Engine can help teams simplify Zero Trust with easy-to-deploy user identity and access across all locations.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/07/word-image-24.png)

Identity-based security controls are a foundational requirement to achieve Zero Trust. With Nebula (PAN-OS 10.2), the latest upgrade of our industry-leading PAN-OS software, we have continued to build on our identity-based security innovations with an enhanced version of Cloud Identity Engine. With the new Cloud Identity Engine in PAN-OS 10.2, customers can get:

1. Simplified identity-based group policies with support for additional cloud based identity providers, including Okta and Google Cloud directories. Ensure privacy of personal data by selectively distributing employee's data based on company policy with SCIM granular access control.
2. Simplified cloud authentication set up and management with Cloud IAM vendors. With the release of Nebula, security teams can connect users easily when authenticating with multiple authentication types -- SAML 2.0 Idps (Microsoft AD, Azure AD, Okta, Ping, Google Identity) and cert-based authentication -- across enterprise networks, e.g., in merger and acquisition situations.
3. Unified identity across infrastructure. Enforce authentication and identity-based security across hardware (PA-series), software (VM-series), management (Panorama), Cloud Management, remote networks (Prisma Access), branches (Prisma Access), and endpoints (GlobalProtect).
4. Extending visibility into users and groups for security and health monitoring services to determine user behavior across the network, correlate threats, and prevent data loss (e.g., SaaS Inline, Device Insights, ADEM, CDL, Explore, Visualization and Reporting).

To learn more about Cloud Identity Engine, be sure to register for [Episode 6](https://register.paloaltonetworks.com/nebula-tech-deep-dive-series) in our Tech Deep Dive Miniseries, [Managing User Identity in a Cloud-First World](https://register.paloaltonetworks.com/nebula-tech-deep-dive-series) or download our [Cloud Identity Engine Solution Brief](https://www.paloaltonetworks.com/resources/techbriefs/cloud-identity-engine?ts=markdown).

If you missed our previous blogs, check out what's new with our [NGFWs and security infrastructure](https://www.paloaltonetworks.com/blog/network-security/pan-os-10-2-nebula-campus-data-center-security/?ts=markdown); learn about the latest in [Intrusion Prevention](https://www.paloaltonetworks.com/blog/network-security/ips-to-advanced-threat-prevention/?ts=markdown); learn how our [Advanced URL Filtering and DNS Security](https://www.paloaltonetworks.com/blog/network-security/dns-security-advanced-url-filtering/?ts=markdown) solutions can protect customers in real time; learn how you can reduce the unseen and unmitigated 30% of risk across your enterprise by implementing Zero Trust for [IoT devices](https://www.paloaltonetworks.com/blog/network-security/smartest-iot-security-solution-for-smart-devices/?ts=markdown); and learn how [AIOPs for NGFW](https://www.paloaltonetworks.com/blog/2022/03/industry-first-aiops-for-ngfw/?ts=markdown) can proactively strengthen your security posture and prevent firewall disruptions.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### PAN-OS 10.1 Innovations Empower Complete Zero Trust Network Security](https://www.paloaltonetworks.com/blog/2021/07/pan-os-10-1-innovations/)

### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Calculate Your Organization's Big Virtual Firewall ROI Potential](https://www.paloaltonetworks.com/blog/network-security/calculate-virtual-firewalls-roi-potential/)

### [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Zero Trust for Infrastructure: A Key Step in Addressing IoT Security Risks](https://www.paloaltonetworks.com/blog/network-security/zero-trust-iot-security-risks/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### A Brand New Fight: Securing Your AI-Powered Applications](https://www.paloaltonetworks.com/blog/network-security/secure-ai-apps-by-design/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Guarding Against Malware in 2023: 4 Predictions to Enhance Your Security Strategy](https://www.paloaltonetworks.com/blog/network-security/network-threat-trends-malware-attacks/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Interactive Pricing Estimator Makes Cloud NGFW for AWS Even Easier](https://www.paloaltonetworks.com/blog/network-security/interactive-pricing-cloud-ngfw-for-aws/)

### Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language