Identity Collector - Requirements
Supported Identity Sources
- Microsoft Active Directory Domain Controllers
- Cisco Identity Services Engine (ISE) Servers
  (see Identity Collector - Working with a Cisco Identity Services Engine (ISE) Server)
- NetIQ eDirectory Servers (requires Identity Awareness Gateway R80.20 and higher)
  (see Identity Collector - Working with NetIQ eDirectory LDAP Servers)
- Syslog messages (requires Identity Awareness Gateway R80.20 and higher)
Requirements for the Windows Server
These are minimum requirements for the Windows Server on which Identity Collector is installed:
- Supported versions of Windows Server:
  - Windows Server 2022
  - Windows Server 2019
  - Windows Server 2016
  - Windows Server 2012 R2
  - Windows Server 2012
  - Windows Server 2008 R2
  - Windows Server 2008
- Windows Server must have a minimum of 8 GB of RAM
- Windows Server must have a minimum of 10 GB of free disk space
- Windows Server must have .NET Framework (version 4) installed
- An Administrator account is required on the Windows Server to install and to run the Identity Collector.
- Windows Server must connect to the Identity Awareness Gateway over TCP port 443
- If you install Identity Collector directly on the Domain Controllers (DCs) (including Windows Firewall), make sure the Windows Firewall rules allow DNS, LDAP, and DCOM traffic from the computer on which Identity Collector is installed.
  In Windows Firewall, add this "Allow" rule:
  "Remote Event Log Management" > "Remote Event Log Management (RPC)"
- Identity Collector processes these Windows events:
  - Authentication events - 4624, 4768, 4769, 4770
  - Group update events - 4728, 4729, 4732, 4733, 4756, 4757
  - Group deletion events - 4730, 4734, 4758
Best Practice - For best performance, use a Windows Server with:
Requirements for Integration with Active Directory
- Windows Server must connect to the Active Directory (AD) domain controllers of the organization with DNS, LDAP, and DCOM.
- The Identity Collector requires an Active Directory (AD) user that belongs to the default Event Log Readers group.
  Note - An administrative role is not required for this user.
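A preflight script for the Windows Server and Active Directory connectivity requirements above, as an added example (not Check Point code): it checks RAM, free disk space, .NET Framework 4, administrator rights, TCP 443 to the gateway, and TCP reachability of DNS, LDAP and the RPC endpoint mapper (the entry point for DCOM) on a domain controller. The host names, the use of the system drive as the install location, a domain controller that also serves DNS, and Windows PowerShell 3.0 or later are assumptions.

```powershell
# Added example, not Check Point code. Assumes Windows PowerShell 3.0 or later.
param(
    [string]$Gateway          = 'idgw.example.com',  # placeholder: Identity Awareness Gateway
    [string]$DomainController = 'dc01.example.com'   # placeholder: AD domain controller
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch { return $false } finally { $client.Close() }
}

function New-Check {
    param([string]$Name, [bool]$Pass, [string]$Detail)
    [pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail }
}

# TotalPhysicalMemory reads slightly below the installed RAM, so round it.
$ramGB  = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1GB)
$disk   = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
$freeGB = [math]::Floor($disk.FreeSpace / 1GB)

# .NET Framework 4.x registers under this key with Install = 1.
$net4 = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue

$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = (New-Object Security.Principal.WindowsPrincipal $identity).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

$checks = @(
    New-Check 'RAM >= 8 GB'          ($ramGB -ge 8)         "$ramGB GB"
    New-Check 'Free disk >= 10 GB'   ($freeGB -ge 10)       "$freeGB GB on $env:SystemDrive"
    New-Check '.NET Framework 4'     ($net4.Install -eq 1)  "version $($net4.Version)"
    New-Check 'Running as Administrator' $isAdmin           $identity.Name
    New-Check "TCP 443 to $Gateway"  (Test-TcpPort $Gateway 443) 'Identity Awareness Gateway'
)

# DNS is tested over TCP only; 135 is the RPC endpoint mapper that DCOM starts from.
$dcPorts = [ordered]@{ 'DNS' = 53; 'LDAP' = 389; 'RPC endpoint mapper (DCOM)' = 135 }
$checks += foreach ($p in $dcPorts.GetEnumerator()) {
    New-Check "TCP $($p.Value) to $DomainController" (Test-TcpPort $DomainController $p.Value) $p.Key
}

$checks | Format-Table -AutoSize
if ($checks | Where-Object { -not $_.Pass }) { exit 1 }
```

DCOM negotiates dynamic RPC ports after the endpoint mapper on 135, so a pass here does not prove that remote event log reads will succeed through every firewall in the path.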
Requirements for Integration with Cisco ISE PxGrid
- The Identity Collector supports these versions of Cisco ISE:
  2.0, 2.1, 2.2, 2.3, 2.4, 2.6, 2.7, 3.0, 3.1, 3.2, and 3.3
- To integrate with Cisco ISE PxGrid 1.0, the Identity Collector requires Oracle Java JRE 1.8 (Java SE Runtime Environment 8) on the Windows Server
- To integrate with Cisco ISE PxGrid 2.0, the Identity Collector requires Oracle Java SE Runtime Environment (8 or newer) on the Windows Server
Additional Requirements
- LDAP Account Unit(s) must be configured to allow PDP Identity Awareness Gateways to perform group lookups for user and machine identities.