Identity Sources
This section describes the Identity Sources.
Identity Sources determine how the Identity Awareness Security Gateway learns the user names and computers that generate traffic on the network. Identity Awareness (IDA) is the Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. A Security Gateway is a dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.
You must enable the applicable identity sources in the Identity Awareness Security Gateway object > Identity Awareness page, and install the Access Control Policy.
| Identity Source | Description |
|---|---|
|  | Identities are acquired through the authentication web portal on the Identity Awareness Gateway (Captive Portal), or through Transparent Kerberos Authentication. Captive Portal is a Check Point Identity Awareness web portal to which users connect with their web browser to log in and authenticate when using Browser-Based Authentication. Kerberos is an authentication server for Microsoft Windows Active Directory Federation Services (ADFS). |
| AD Query | Identities are acquired seamlessly from the Microsoft Active Directory. This is a clientless identity acquisition tool. |
| Identity Agents | Identities are acquired using Identity Agents that are installed on the user endpoint computers. |
| Terminal Servers | Identities are acquired using Identity Agents that are installed on a Windows-based application server that hosts Terminal Servers, Citrix XenApp, and Citrix XenDesktop services. These Identity Agents are used to identify traffic from individual users on Terminal Servers. |
| RADIUS Accounting | Identities are acquired using RADIUS Accounting directly from a RADIUS Accounting Client. |
|  | Identities are acquired using Identity Agents that are installed on Microsoft Active Directory Domain Controllers, Cisco Identity Services Engine (ISE) Servers, or NetIQ eDirectory Servers. |
| Identity Web API | Gives you a flexible method for creating identities. |
| Remote Access | Identities are acquired for Mobile Access clients and IPsec VPN clients configured to work in Office Mode, when they connect to the Security Gateway. For this to work, you must enable both the Identity Awareness and IPsec VPN Software Blades on the same Security Gateway. Mobile Access (MAB) is the Check Point Software Blade on a Security Gateway that provides Remote Access VPN access for managed and unmanaged clients. IPsec VPN is the Check Point Software Blade on a Security Gateway that provides Site to Site VPN and Remote Access VPN access. |