Identity sources have different security and deployment considerations. Depending on your organization's requirements, you can configure them separately, or in combinations that supplement each other.
This section presents some examples of how to choose identity sources for different organizational requirements.
| Requirement | Recommended Identity Source |
|---|---|
| Logging and auditing with basic enforcement | AD Query. |
| Logging and auditing only | AD Query. |
| Application Control | AD Query and Browser-Based Authentication. The AD Query finds all AD users and computers. The Browser-Based Authentication identity source is necessary to include all non-Windows users. It also serves as a fallback option if AD Query cannot identify a user. If you configure Transparent Kerberos Authentication, the browser attempts to authenticate users transparently by getting identity information before the Captive Portal username/password page is shown to the user. |
| Data Center, or internal server protection | The options are: |
| Terminal Servers and Citrix environments | Terminal Servers. Requires you to install the Terminal Servers Endpoint Identity Agent on each Terminal Server. |
| Users that access the organization through VPN | Remote Access. Lets you identify Mobile Access and IPsec VPN clients that work in Office Mode. |
| Environments that use a RADIUS server for authentication | RADIUS Accounting. Make sure that you configure the Security Gateway as a RADIUS Accounting client and give it access permissions and a shared secret. |
These are the priorities of the different Identity Sources: