Configuring the Identity Collector to Work with Active Directory

Workflow to configure the Identity Collector to work with Active Directory

  1. In the Identity CollectorClosed Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses, and sends it to the Check Point Security Gateways for identity enforcement. For more information, see sk108235. You can download the Identity Collector package from sk134312., add a new Active Directory Domain.

    See Working with Active Directory Domains in the Identity Collector.

  2. In the Identity Collector, add a new Active Directory Domain Controllers.

    Use one of these two options to add the necessary Domain Controllers.

  3. In the Identity Collector, add a new Query Pool, or edit a current Query Pool.

    See Working with Query Pools in the Identity Collector.

  4. In the Identity Collector, add a new Filter for the login events, or edit a current Filter.

    See Working with Filters for Login Events in the Identity Collector.

  5. Connect the Identity Collector to the Check Point Identity ServerClosed Check Point Security Gateway with enabled Identity Awareness Software Blade. (Identity AwarenessClosed Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Gateway).

    See Connecting the Identity Collector to the Identity Awareness Gateway.


  • The Identity Collector is using the Windows Event Log API for fetching the security logs from Domain Controllers.

  • The Identity Collector can communicate with up to 35 Active Directory servers.

  • The Identity Collector can process up to 1900 AD events per second.