A holding company has recently acquired two new businesses, each with its own Okta identity provider. The holding company wants to use a single Cloud Identity Engine (CIE) instance to provide User-ID for all three organizations' firewalls, while ensuring that each company's firewalls only receive identity data from their respective Okta instance. Which configuration in CIE supports this requirement with highest operational efficiency? (Choose one answer)

A. Configure a CIE tenant, connect Okta, and create segments.
B. Configure the firewalls for each company to query their respective Okta IdPs directly, bypassing CIE for redistribution.
C. Push all identity data to Panorama and use Panorama's group mapping include/exclude lists.
D. Create a master CIE tenant and peer it with two subordinate tenants.

Brave-Dump Clients Votes

D 100%

Comments

Anonymous User 2026-02-25 03:49:19

Selected Answers: D

The most architecturally robust and operationally sound way to guarantee that is tenant isolation, not segmentation inside one tenant.