Identity Web API

The Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Identity Web API is a flexible identity source that you can use for simple integration with 3rd party security and identity products, such as ForeScout CounterACT and Aruba Networks ClearPass. The Identity Web API identity source provides a flexible method for the creation of identities based on environment needs. With the Identity Web API, you can create and cancel identities, and query the Identity Awareness Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. regarding users, IP addresses, and computers.

The Identity Web API uses the REST protocol over HTTPS. The Identity Awareness Gateway authenticates and authorizes the users and computers with the information it gets from the Web API.

You can create associations for users and machines. Identity Awareness Gateway can calculate their group membership and Access Roles, or you can provide that information. The Web API is useful for:

Integration with 3rd party security products. For example, you can apply a special restricted Access Role Access Role objects let you configure network access according to: Networks, Users and user groups, Computers and computer groups, Remote Access Clients. After you activate the Identity Awareness Software Blade, you can create Access Role objects and use them in the Source and Destination columns of Access Control Policy rules. to quarantine an infected computer detected by a 3rd party security provider.
Integration with other authentication systems.
Automation of administrative tasks related to Identity Awareness.

Identity Web API gets JSON requests over HTTPS. Each JSON request contains one Identity Web API command, or a bulk of commands. Each API command must include a shared secret that was pre-configured in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..

The Identity Web API supports these commands

Command	Description
`add-identity`	Associates an IP address to a user or a computer for a specified quantity of time.
`delete-identity`	Revokes sessions that match one IP address or an IP range.
`show-identity`	Queries the identities related to an IP address, and other information the Identity Awareness blade saves about this IP address.