Identity Sources

An Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Gateway gets identities from different identity sources.

An Identity Awareness Gateway gets information from some identity sources directly.

For other identity sources, Identity Clients installed on an endpoint device or Windows server get identities and share them with the Identity Awareness Gateway.

Identity Clients have versions that are different from the versions of Identity Awareness Gateways.

To download the latest Identity Clients, see sk134312.

Identity Source	Documentation	Description
Browser-Based Authentication	See these: Browser-Based Authentication. Configuring Browser-Based Authentication Getting Identities with Browser-Based Authentication	The Identity Awareness Gateway gets identities from one of these: The authentication web portal on the Identity Awareness Gateway (Captive Portal A Check Point Identity Awareness web portal, to which users connect with their web browser to log in and authenticate, when using Browser-Based Authentication.) Transparent Kerberos An authentication server for Microsoft Windows Active Directory Federation Services (ADFS). Authentication
AD Query	See these: AD Query . Configuring AD Query Getting Identities for Active Directory Users	The Identity Awareness Gateway gets identities seamlessly from Microsoft Active Directory. This is a clientless identity acquisition tool (AD Query Check Point clientless identity acquisition tool. It is based on Active Directory integration and it is completely transparent to the user. The technology is based on querying the Active Directory Security Event Logs and extracting the user and computer mapping to the network address from them. It is based on Windows Management Instrumentation (WMI), a standard Microsoft protocol. The Check Point Security Gateway communicates directly with the Active Directory domain controllers and does not require a separate server. No installation is necessary on the clients, or on the Active Directory server.).
Identity Agents	See the Identity Awareness Clients Administration Guide.	The Identity Awareness Gateway gets identities from Identity Agents that are installed on the user endpoint computers.
Terminal Servers	See the Identity Awareness Clients Administration Guide.	The Identity Awareness Gateway gets identities from Identity Agents that are installed on a Windows-based application server that hosts Terminal Servers, Citrix XenApp, and Citrix XenDesktop services. These Identity Agents identify individual users.
RADIUS Accounting	See these: RADIUS Accounting Configuring RADIUS Accounting.	The Identity Awareness Gateway gets identities through RADIUS Accounting directly from a RADIUS accounting client.
Identity Collector	See the Identity Awareness Clients Administration Guide.	The Identity Awareness Gateway gets identities from Identity Collectors that are installed on these: Microsoft Active Directory Domain Controllers Cisco Identity Services Engine (ISE) Servers NetIQ eDirectory Servers
Identity Web API	See these: Identity Web API Configuring Identity Awareness API	Gives you a flexible method to create identities.
Remote Access	See these: Configuring Remote Access Mobile Access Administration Guide for your version Remote Access VPN Administration Guide for your version	The Identity Awareness Gateway gets identities from Mobile Access Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB. clients and IPsec VPN Check Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access. clients configured to work in Office Mode when they connect to the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources..