How to Configure User-ID Agent Integration with Active Directory


Steps on how to configure User-ID Agent integration with Active Directory

  1. Download the installation files from the Palo Alto Networks Customer Support Portal using an account with a valid subscription

    • User-ID Agent (UaInstall-9.0.5-8.msi)

      • Default Installation Path – C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\
    • User-ID Credential Agent (UaCredInstall64-9.0.5-8)

      • Default Installation Path – C:\Program Files\Palo Alto Networks\User-ID Credential Agent\
  2. Install the User-ID Agent, followed by the User-ID Credential Agent, on a domain member server

Preparation of Service Account

  1. Create a new service account called PaAgent (Domain User) in Active Directory
  2. Add PaAgent to Local Security Policy – Local Policies – User Rights Assignment – Log on as a service on the domain member server where the User-ID Agent is installed

  3. Add PaAgent as a member of Domain Event Log Readers in the AD domain so that the agent can monitor the security event logs of the specified Microsoft Exchange Servers, Domain Controllers, or Novell eDirectory servers for login events (Server Monitoring feature)

  4. Add PaAgent as a member of Local Administrators on the domain member server where the User-ID Agent is installed

Configuration of User-ID Agent

  1. Open the User-ID Agent and change the Service Logon Account username for Active Directory to PaAgent

  2. Add the IP address of the AD Domain Controller

  3. Ensure that the User-ID Agent is connected to the AD Domain Controller successfully
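
A read-only check of the prerequisites configured above, run on the domain member server. This is an added example, not code from this article or from Palo Alto Networks. It assumes an elevated PowerShell session, the RSAT ActiveDirectory module, and that the domain group is named Event Log Readers; the agent service is located by the default installation path and port 5007 is the agent's default port.

```powershell
# Added example: prerequisite check for the User-ID Agent host (read-only).
# Values marked "assumed" are not taken from the article.
Import-Module ActiveDirectory

$Account   = 'PaAgent'                            # service account created in the steps above
$AdGroup   = 'Event Log Readers'                  # assumed name of the domain group
$AgentPath = 'Palo Alto Networks\User-ID Agent'   # fragment of the default installation path
$AgentPort = 5007                                 # default User-ID Agent port

$user    = Get-ADUser -Identity $Account
$sid     = $user.SID.Value
$domain  = (Get-ADDomain).NetBIOSName
$results = [ordered]@{}

# 1. Domain group membership (recursive, so membership through nested groups counts)
$members = Get-ADGroupMember -Identity $AdGroup -Recursive
$results["Member of $AdGroup"] = [bool]($members | Where-Object { $_.SID.Value -eq $sid })

# 2. Direct membership of the local Administrators group on this server
$admins = Get-LocalGroupMember -Group 'Administrators'
$results['Local Administrators'] = [bool]($admins | Where-Object { $_.SID.Value -eq $sid })

# 3. "Log on as a service": export the user rights and look for the account's SID or name
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null
$line    = Select-String -Path $cfg -Pattern '^SeServiceLogonRight\s*=' | Select-Object -First 1
$holders = @()
if ($line) {
    $holders = ($line.Line -split '=', 2)[1].Split(',') | ForEach-Object { $_.Trim().TrimStart('*') }
}
$granted = ($holders -contains $sid) -or ($holders -contains $Account) -or ($holders -contains "$domain\$Account")
$results['Log on as a service'] = $granted
Remove-Item $cfg -ErrorAction SilentlyContinue

# 4. Logon account of the installed agent service (DOMAIN\PaAgent or PaAgent@domain)
$svc     = Get-CimInstance Win32_Service | Where-Object { $_.PathName -like "*$AgentPath\*" } | Select-Object -First 1
$pattern = '(^|\\)' + [regex]::Escape($Account) + '(@|$)'
$results["Service runs as $Account"] = [bool]($svc -and ($svc.StartName -match $pattern))

# 5. Something on this host is listening on the agent port
$listen = Get-NetTCPConnection -LocalPort $AgentPort -State Listen -ErrorAction SilentlyContinue
$results["Listening on TCP $AgentPort"] = [bool]$listen

# Report each prerequisite as OK or MISSING
$results.GetEnumerator() | ForEach-Object {
    '{0,-32} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}
```

The "Log on as a service" check reflects the effective local policy, so a right delivered by Group Policy is reported the same way as one set in Local Security Policy.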

Enable User Identification in Firewall

  1. Add the installed User-ID Agent under Device – User Identification – User-ID Agents

     Note: 5007 is the default port used by the User-ID Agent

  2. Enable User Identification for the Internal zone in Network – Zones – Internal

  3. Click Commit and verify that the firewall is connected to the User-ID Agent successfully

Verification

The user ID now appears under Source User in the Monitor log.

Reference Links

  1. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/user-id/map-ip-addresses-to-users/configure-user-mapping-using-the-windows-user-id-agent/install-the-windows-based-user-id-agent.html#id6de73ab7-e7be-4a90-8b96-e1cd2c6a9c28