Add Identity (v1.0)
Creates a new Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. association for a specified IP address.
|
Parameter |
Type |
Description |
---|---|---|
|
String (IP) |
Created IPv6 identity |
|
String (IP) |
Created IPv4 identity |
|
String |
Textual description of the command's result |
|
Best Practice - You must include the domain name whenever available, to make sure that the user is authorized by the correct server, improves performance and prevents incorrect authorization, when there are identical user names in more than one domain. |
|
Notes
|
Example 1 - Minimum request for user identity generation
Request
POST https://gw.acme.com/_IA_API/v1.0/add-identity
{ "shared-secret":"****", "ip-address":"1.2.3.5", "user":"mary" } |
Response
{ "ipv4-address":"1.2.3.5", "message":"Association sent to PDP." } |
Example 2- User-defined groups, calculate roles
Request
POST https://gw.acme.com/_IA_API/v1.0/add-identity
{ "shared-secret":"****", "ip-address":"1.1.1.1", "user":"john", machine":"", "domain":"cme.com", "user-groups":["MyUserGroup"], "roles":[],"timeout":4, "fetch-user-groups":0, "calculate-roles":1, "identity-source":"ACME API Client" } |
Response
{ "ipv4-address":"1.1.1.1", "message":"Association sent to PDP." } |
Example 3 - User-defined groups and roles, detailed information
Request
POST https://gw.acme.com/_IA_API/v1.0/add-identity
Response
{ "ipv4-address" : "2.2.2.2", "message" : "Association sent to PDP." } |