Query Identity (v1.0)

Queries the Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. associations of a given IP address.

Syntax

POST https://<IP Address or FQDN of Gateway>/_IA_API/idasdk/show-identity

Parameter	Type	Description	Default Value
`shared-secret`	String	Shared secret	N/A
`ip-address`	String (IP)	Identity IP address	N/A

Response Fields

Parameter	Type	Description
`ipv6-address`	String (IP)	Queried IPv6 identity
`ipv4-address`	String (IP)	Queried IPv4 identity
`message`	String	Textual description of the command's result
`users`	Array	All user identities on this IP. The Information includes these fields: Users' full names (full name if available, falls back to user name if not) Array of groups Array of roles Identity source
`machine`	String	Computer name, if available
`machine-groups`	Array	List of computer groups
`combined-roles`	Array	List of all the Access Roles on this IP, for auditing and enforcement purposes.
`machine-identity-source`	String	Machine session's identity source, if the machine session is available.

Note - If more than one identity source authenticated the user, the result shows a separate record for each identity source.

Example

Request

POST https://gw.acme.com/_IA_API/v1.0/show-identity

{
 "shared-secret":"****",
 "ip-address":"1.1.1.1"
}

Response 1 - User identity is available

{
  "combined-roles":[
  "All_Identified_Users",
  "User_John"
  ],
  "domain":"cme.com",
  "ipv4-address":"1.1.1.1",
  "machine":"admin-pc@cme.com",
  "message":"total 1 user records were found.",
  "users":[
    {
      "groups":[
      "All Users",
      "ad_user_John_Smith"
      ],
      "identity-source':AD Query",
      "roles":[
      "All_identified_Users",
      "User_John"
      ],
      "user":"JohnSmith"
    }
  ]
}

Response 2 - User and computer identities are available

{
 "combined-roles":[
 "Admin-PC_cme.com",
 "All_Identified_Users",
 "User_John"],
 "domain":"cme.com",
 "ipv4-address":"192.168.110.126",
 "machine":"admin-pc@ad.ida",
 "machine-groups":[ "ad_machine_ADMINPC",
 "All Machines"],
 "machine-identity-source":" Identity Awareness API (ACME API Client):,
 "message":"total 1 user records were found.",
 "users":[
  {
   "groups":[
   "All Users",
   "ad_user_John_Smith"
   ],
   "identity-source":"Identity Awareness API (ACME API Client)",
   "roles":[
   "Admin-PC_ad.ida",
   "All_Identified_Users",
   "User_John"
   ],
   "user":"John Smith"
  }
 ]
}

Response 3 - Multiple user identities are available

{
 "combined-roles":[
 "Admin-PC",
 "All_Identified_Users",
 "User_John"
 ],
 "domain":"cme.com",
 "ipv4-address":"192.168.110.126",
 "machine":"admin-pc@cme.com",
 "machine-identity-source":"AD Query",
 "ad_machine_ADMINPC",
 "All Machines"
 ],
 "message":"total 2 user records were found.",
 "users":[
  {
   "groups":[
   "All Users"
   ],
   "identity-source": "AD Query",
   "roles":[
   "Admin-PC",
   "All_Identified_Users"
   ],
   "user":"George Black"
  },
  {
   "groups":[
   "All Users",
   "ad_user_John_Smith"
   ],
   "identity-source": "AD Query",
   "roles":[
   "Admin-PC",
   "All_Identified_Users",
   "User_John"
   ],
   "user":"John Smith"
  }
 ]
}

Response 4 - No identity found

{
 "ipv4-address" : "1.1.1.1",
 "message" : "total 0 user records were found."
}