Delete Identity (v1.0)

Delete Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. associations for one IP address, a range of IP addresses, a subnet, or associations for an IP address and a user name.

Syntax

POST https://<IP Address or FQDN of Gateway>/_IA_API/v1.0/delete-identity

Parameter

Type

Description

Default Value

shared-secret

String

Shared secret.

N/A

ip-address

String (IP)

Association IP address. Necessary when you revoke a single IP address.

Empty

revoke-method

String

Type of revoke method. It can be empty for the deletion of a single association by an IP address.

If not, then the permitted values are:

mask - for the deletion of all associations in a subnet.

range - for the deletion of all associations in a range.

user-name-and-ip - for the deletion of all associations with a specific user and a given IP address.

Empty

subnet

String (IP)

Subnet. Required when the revoke method is mask.

Empty

subnet-mask

String (IP)

Subnet mask. Required when the revoke method is mask.

Empty

ip-address-first

String (IP)

First IP address in the range. Required when the revoke method is range.

Empty

ip-address-last

String (IP)

Last IP address in the range. Required when the revoke method is range.

Empty

client-type

String

Deletes only associations created by the specified identity source. If no value is set for the client-type parameter, or if it is set to any, the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. deletes all identities associated with the given IP address(es) (the Client Type table has a list of the permitted values).

Note - When the client-type is set to vpn (remote access), the Security Gateway deletes all the identities associated with the given IP address(es). This is because when you delete an identity associated with an Office Mode IP address, this usually means that this Office Mode IP address is no longer valid..

Any

user

String

User name. Required when the revoke-method is set to user-name-and-ip.

Empty

List of identity sources for the client-type parameter

Client type	Description
`any`	All identity sources
`captive-portal`	Browser-Based Authentication Authentication of users in Check Point Identity Awareness web portal - Captive Portal, to which users connect with their web browser to log in and authenticate.
`ida-agent`	Identity Agents
`vpn`	Remote Access
`ad-query`	Active Directory query
`multihost-agent`	Terminal Servers (Multi-User Host (MUH) Agent)
`radius`	RADIUS Accounting
`ida-api`	Identity Web API
`identity-collector`	Identity Collector Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses, and sends it to the Check Point Security Gateways for identity enforcement. You can download the Identity Collector package from Support Center. See sk134312.

Response Fields

Parameter	Type	Description
`ipv6-address`	String (IP)	Deleted IPv6 association
`ipv4-address`	String (IP)	Deleted IPv4 association
`message`	String	Textual description of the command's result
`count`	Unsigned integer	Number of deleted identities

Examples

Example 1 - Delete by IP

Request

POST https://gw.acme.com/_IA_API/1.0/delete-identity

 "shared-secret":"****",

 "ip-address":"1.1.1.1"

Response

 "count":"1",

 "ipv4-address":"1.1.1.1",

 "message":"Disassociation sent to PDP."

Example 2 - Delete by IP range

Request

POST https://gw.acme.com/_IA_API/v1.0/delete-identity

 "shared-secret":"****",

 "revoke-method":"range",

 "ip-address-first":"1.1.1.2",

 "ip-address-last":"1.1.1.3"

Response

 "count":"2",

 "message":"Total of 2 IPs disassociations will be processed."

Example 3 - Delete by IP subnet

Request

POST https://gw.acme.com/_IA_API/idasdk/delete-identity

 "shared-secret":"****",

 "revoke-method":"mask",

 "subnet":"1.1.1.1",

 "subnet-mask":"255.255.255.0"

Response

 "count":"100",

 "message":"Total of 100 IPs disassociations will be processed."

Example 4 - Delete by IP and user name

Request

POST https://gw.acme.com/_IA_API/idasdk/delete-identity

 "shared-secret":"****",

 "ipv4-address":"1.1.1.1",

 "revoke-method":"user-name-and-ip",

 "user":"USER_NAME",

Response

 "count":"2",

 "ipv4-address":"1.1.1.1",

 "message":"Disassociation sent to PDP."