https://community.checkpoint.com/t5/General-Topics/VPN-Cert-Auth-Read-OU-for-User-Groups/m-p/100532#M19539 <P>Hi All,</P><P>We are implementing certificate authentication for remote VPN without LDAP and AD. ISE is identity store and we are using ISE`s CA feature.&nbsp;</P><P>The authentication is working fine, as auth is going internally in firewall but we also need user groups for policy management.</P><P>I wonder is it possible to configre CP to read OU from cert and add users to groups based on OU?</P><P>&nbsp;</P><P>Thanks in advance!</P> Thu, 29 Oct 2020 10:44:40 GMT OrkhanRustamli 2020-10-29T10:44:40Z https://community.checkpoint.com/t5/General-Topics/VPN-Cert-Auth-Read-OU-for-User-Groups/m-p/100532#M19539 <P>Hi All,</P><P>We are implementing certificate authentication for remote VPN without LDAP and AD. ISE is identity store and we are using ISE`s CA feature.&nbsp;</P><P>The authentication is working fine, as auth is going internally in firewall but we also need user groups for policy management.</P><P>I wonder is it possible to configre CP to read OU from cert and add users to groups based on OU?</P><P>&nbsp;</P><P>Thanks in advance!</P> Thu, 29 Oct 2020 10:44:40 GMT https://community.checkpoint.com/t5/General-Topics/VPN-Cert-Auth-Read-OU-for-User-Groups/m-p/100532#M19539 OrkhanRustamli 2020-10-29T10:44:40Z https://community.checkpoint.com/t5/General-Topics/VPN-Cert-Auth-Read-OU-for-User-Groups/m-p/100816#M19570 <P>I believe we can only retrieve groups from LDAP.<BR />However, if you're integrating with Cisco ISE, you should be able to use Identity Tags as a group source.<BR />See:&nbsp;<A href="https://community.checkpoint.com/t5/Policy-Management/How-to-use-Identity-Awareness-Tags-in-R80-20-M1/m-p/17246" target="_blank">https://community.checkpoint.com/t5/Policy-Management/How-to-use-Identity-Awareness-Tags-in-R80-20-M1/m-p/17246</A>&nbsp;</P> Mon, 02 Nov 2020 05:23:42 GMT https://community.checkpoint.com/t5/General-Topics/VPN-Cert-Auth-Read-OU-for-User-Groups/m-p/100816#M19570 PhoneBoy 2020-11-02T05:23:42Z