Print Download PDF Send Feedback

Previous

Next

Configuring Endpoint Identity Agents

Endpoint Identity Agent Deployment Methods

There are different Endpoint Identity Agent deployment methods:

Configuring Endpoint Identity Agent Deployment from Captive Portal

To configure Endpoint Identity Agent deployment from Captive Portal:

  1. From the Identity Awareness page, select the Endpoint Identity Agents checkbox.
  2. Select Browser-Based Authentication and click Settings.
  3. From the Portal Settings window, select the Require users to download checkbox to make users install the Endpoint Identity Agent. Select which Endpoint Identity Agent they must install. If you select this option and you do not select the defer option, users will can only access the network if they install the Endpoint Identity Agent.
  4. To give users flexibility to choose when they install the Endpoint Identity Agent, select Users may defer installation until. Select the date by which they must install it. Until that date a Skip Endpoint Identity Agent installation option shows in the Captive Portal.
  5. Click OK.

Configuring Endpoint Identity Agent Deployment for User Groups

When necessary, you can configure specific groups to download the Endpoint Identity Agent. For example, if you have a group of mobile users that roam and it is necessary for them to stay connected as they move between networks.

To configure Endpoint Identity Agent deployment for user groups:

  1. From the Identity Awareness page, select the Endpoint Identity Agent checkbox.
  2. Select Browser-Based Authentication and click Settings.
  3. Select Name and password login and click Settings.
  4. Select Adjust portal settings for specific user groups - You can add user groups and give them settings that are different from other users. Settings specified for a user group here override settings configured elsewhere in the Portal Settings. The options that you configure for each user group are:
    • If they must accept a user agreement.
    • If they must download the Endpoint Identity Agent and which one.
    • If they can defer the Endpoint Identity Agent installation and until when.
  5. Click OK.

Configuring Endpoint Identity Agents in SmartConsole

In the Identity Sources section of the Identity Awareness page, select Endpoint Identity Agents to configure Endpoint Identity Agent settings.

To configure the Endpoint Identity Agent settings:

  1. Select Endpoint Identity Agents and click Settings.
  2. From the Endpoint Identity Agents Settings window, configure:
    • Endpoint Identity Agent Access Settings
    • Authentication Settings
    • Session details
    • Endpoint Identity Agent Upgrades

Endpoint Identity Agent Access

Click Edit to select from where the Endpoint Identity Agent can be accessed. The options are based on the topology configured for the Security Gateway.

Users can communicate with the servers if they use networks connected to these interfaces.

Session

Configure data for the logged in session using the Endpoint Identity Agent.

Endpoint Identity Agent Upgrades

Configure data for Endpoint Identity Agent upgrades.

Note - When you install or upgrade the Full Endpoint Identity Agent version, the user will experience a momentary loss of connectivity.

Troubleshooting Authentication Issues

Some users cannot authenticate with the Endpoint Identity Agent

This issue can occur in Kerberos environments with a very large Domain Controller database. The authentication failure occurs when the CCC message size is larger than the default maximum size. You can increase the maximum CCC message size to prevent this error.

To increase the maximum CCC message size, use the procedure in sk66087.

Transparent Portal Authentication fails for some users

This issue can occur for users that try to authenticate with Kerberos authentication with the transparent portal. The user sees a 400 Bad Request page with this message:

Your browser sent a request that this server could not understand.

Size of a request header field exceeds server limit.

The authentication failure occurs because the HTTP request header is larger than the default maximum size. You increase the maximum HTTP request header to prevent this error.

To increase the maximum HTTP request header size, use the procedure in sk92802.