Identity Sources

This section describes the Identity Sources.

Identity Sources determine how the Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. learns the user names and computers that generate traffic on the network.

You must enable the applicable identity sources in the Identity Awareness Security Gateway object > Identity Awareness page, and install the Access Control Policy.

Identity Source	Description
Browser-Based Authentication Authentication of users in Check Point Identity Awareness web portal - Captive Portal, to which users connect with their web browser to log in and authenticate. See Browser-Based Authentication	Identities are acquired through the authentication web portal on Identity Awareness Gateway (Captive Portal A Check Point Identity Awareness web portal, to which users connect with their web browser to log in and authenticate, when using Browser-Based Authentication.), or Transparent Kerberos An authentication server for Microsoft Windows Active Directory Federation Services (ADFS). Authentication.
Active Directory Query (AD Query Check Point clientless identity acquisition tool. It is based on Active Directory integration and it is completely transparent to the user. The technology is based on querying the Active Directory Security Event Logs and extracting the user and computer mapping to the network address from them. It is based on Windows Management Instrumentation (WMI), a standard Microsoft protocol. The Check Point Security Gateway communicates directly with the Active Directory domain controllers and does not require a separate server. No installation is necessary on the clients, or on the Active Directory server.) See AD Query	Identities are acquired seamlessly from the Microsoft Active Directory. This is a clientless identity acquisition tool.
Identity Agents See Identity Agents for a User Endpoint Computer	Identities are acquired using Identity Agents that are installed on the user endpoint computers.
Terminal Servers See Terminal Servers	Identities are acquired using Identity Agents that are installed on Windows-based application server that hosts Terminal Servers, Citrix XenApp, and Citrix XenDesktop services. These Identity Agents are used to identify traffic from individual users on Terminal Servers.
RADIUS Accounting See RADIUS Accounting	Identities are acquired using RADIUS Accounting directly from a RADIUS Accounting Client.
Identity Collector Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses and sends it to the Check Point Security Gateways or Infinity Identity solution for identity enforcement, you can download the Identity Collector package from the Support Center. See Identity Collector	Identities are acquired using Identity Agents that are installed on Microsoft Active Directory Domain Controllers, Cisco Identity Services Engine (ISE) Servers, or NetIQ eDirectory Servers.
Identity Web API See Identity Web API	Gives you a flexible method for creating identities.
Remote Access See Remote Access	Identities are acquired for Mobile Access Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB. clients and IPsec VPN Check Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access. clients configured to work in Office Mode, when they connect to the Security Gateway. For this to work, you must enable both the Identity Awareness and IPsec VPN Software Blades on the same Security Gateway.

Identity Source

Description

Browser-Based Authentication Authentication of users in Check Point Identity Awareness web portal - Captive Portal, to which users connect with their web browser to log in and authenticate.

See Browser-Based Authentication

Identities are acquired through the authentication web portal on Identity Awareness Gateway (Captive Portal A Check Point Identity Awareness web portal, to which users connect with their web browser to log in and authenticate, when using Browser-Based Authentication.), or Transparent Kerberos An authentication server for Microsoft Windows Active Directory Federation Services (ADFS). Authentication.

Active Directory Query (AD Query Check Point clientless identity acquisition tool. It is based on Active Directory integration and it is completely transparent to the user. The technology is based on querying the Active Directory Security Event Logs and extracting the user and computer mapping to the network address from them. It is based on Windows Management Instrumentation (WMI), a standard Microsoft protocol. The Check Point Security Gateway communicates directly with the Active Directory domain controllers and does not require a separate server. No installation is necessary on the clients, or on the Active Directory server.)

See AD Query

Identities are acquired seamlessly from the Microsoft Active Directory.

This is a clientless identity acquisition tool.

Identity Agents

See Identity Agents for a User Endpoint Computer

Identities are acquired using Identity Agents that are installed on the user endpoint computers.

Terminal Servers

See Terminal Servers

Identities are acquired using Identity Agents that are installed on Windows-based application server that hosts Terminal Servers, Citrix XenApp, and Citrix XenDesktop services.

These Identity Agents are used to identify traffic from individual users on Terminal Servers.

RADIUS Accounting

See RADIUS Accounting

Identities are acquired using RADIUS Accounting directly from a RADIUS Accounting Client.

Identity Collector Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses and sends it to the Check Point Security Gateways or Infinity Identity solution for identity enforcement, you can download the Identity Collector package from the Support Center.

See Identity Collector

Identities are acquired using Identity Agents that are installed on Microsoft Active Directory Domain Controllers, Cisco Identity Services Engine (ISE) Servers, or NetIQ eDirectory Servers.

Identity Web API

See Identity Web API

Gives you a flexible method for creating identities.

Remote Access

See Remote Access

Identities are acquired for Mobile Access Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB. clients and IPsec VPN Check Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access. clients configured to work in Office Mode, when they connect to the Security Gateway.

For this to work, you must enable both the Identity Awareness and IPsec VPN Software Blades on the same Security Gateway.