During a deployment of Prisma Access (Managed by Strata Cloud Manager) for mobile users, a SAML authentication type and authentication profile in the Cloud Identity Engine application is successfully created. Using this SAML authentication, what is a valid next step to configure authentication for mobile users? (Choose one answer)

A. Perform a full commit to Strata Cloud Manager so the Cloud Identity Engine profiles get synchronized from the application.
B. Permit the Cloud Identity Engine service account RBAC access to the mobile user folder in Strata Cloud Manager.
C. In Strata Cloud Manager, create a new authentication type of “Cloud Identity Engine.”
D. Create a SAML authentication profile in Strata Cloud Manager and link it to the Cloud Identity Engine profile

Correct Answer: C

Brave-Dump Clients Votes

C 100%

Comments

Anonymous User 2026-02-26 15:47:15

Selected Answers: C

The correct answer is
C. In Strata Cloud Manager, create a new authentication type of "Cloud Identity Engine."

The Configuration Flow
The workflow here is important to understand in sequence. Once a SAML authentication type and authentication profile have been created in the Cloud Identity Engine (CIE) application, the next step is to reference that CIE profile from within Strata Cloud Manager itself.

In Strata Cloud Manager, you navigate to Configuration > NGFW and Prisma Access > Identity Services > Authentication > Authentication Profiles, then add a new profile and select "Cloud Identity Engine" as the Authentication Method. You then select the specific CIE authentication profile you created in the CIE app from the available Profile dropdown — this is what links the two together.

https://docs.paloaltonetworks.com/prisma-access/integration/microsoft-integrations-with-prisma-access/azure-ad-saml-authentication-for-mobile-user-deployments/configure-mobile-users-using-cloud-identity-engine