Identity Tag

What can I do here?

Use this window to create a new identity tag or edit an existing one.

Getting Here

Object Explorer > New > User > Identity tag

Using Identity Tags in Access Role Matching

Identity Tags let you include external identifiers (such as Cisco® Security Group Tags, or any other groups provided by any Identity Source) in Access Role matching. These external identifiers act like a tag that can be assigned to a certain user, machine or group.

To use Identity Tags in Access Role matching:

  1. Create a new Identity Tag:
    1. Click Objects menu > More object types > User > Identity Tag.
    2. Enter a name for the object.

      Note - If you enter the External Identifier first, the Identity Tag object gets the same name.

    3. In the External Identifier field, enter one of these:
      • A Cisco Security Group Tag, as defined on the Cisco ISE server or acquired through Identity Collector.
      • A custom tag (defined on a third-party product) acquired through the Check Point Identity Web API.

      Note - The External Identifier must be a unique name.

    4. Click OK.
  2. Include the Identity Tag in an Access Role:
    1. Click Objects menu > More object types > User > New Access Role.
    2. On the Users tab or Machines tab, select Specific users/groups.
    3. Click the [+] icon.
    4. Click on the domain name button in the top left corner and select Identity Tags.
    5. Select the Identity Tag created in Step 1.
    6. Click OK.
  3. Add this Access Role to the Source or Destination column of an Access Policy rule.
  4. Install the Access Policy.