https://community.checkpoint.com/t5/General-Topics/Identity-awareness-deployment-for-Non-AD-Member/m-p/129746#M23637 <P>Here's the scenario - the customer management would like to restrict the corporate users on using non-domain laptops when connecting to the corporate network. Only domain managed devices can be allowed, non-domain laptop should be restricted even the corporate user entered the correct corporate domain credentials to the captive portal, their access should be denied because the device is unmanaged by the AD.</P><P>Can we implement this kind of use case? are there any option on Identity Awareness that can we install like an agent and check the user endpoint if part of AD or not?&nbsp;</P> Mon, 20 Sep 2021 07:39:58 GMT snowball14 2021-09-20T07:39:58Z https://community.checkpoint.com/t5/General-Topics/Identity-awareness-deployment-for-Non-AD-Member/m-p/129746#M23637 <P>Here's the scenario - the customer management would like to restrict the corporate users on using non-domain laptops when connecting to the corporate network. Only domain managed devices can be allowed, non-domain laptop should be restricted even the corporate user entered the correct corporate domain credentials to the captive portal, their access should be denied because the device is unmanaged by the AD.</P><P>Can we implement this kind of use case? are there any option on Identity Awareness that can we install like an agent and check the user endpoint if part of AD or not?&nbsp;</P> Mon, 20 Sep 2021 07:39:58 GMT https://community.checkpoint.com/t5/General-Topics/Identity-awareness-deployment-for-Non-AD-Member/m-p/129746#M23637 snowball14 2021-09-20T07:39:58Z https://community.checkpoint.com/t5/General-Topics/Identity-awareness-deployment-for-Non-AD-Member/m-p/129753#M23639 <P>Yes, e.g. by SSO:&nbsp;<A href="https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_IdentityAwareness_AdminGuide/62838.htm" target="_blank">https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_IdentityAwareness_AdminGuide/62838.htm</A></P> Mon, 20 Sep 2021 08:13:41 GMT https://community.checkpoint.com/t5/General-Topics/Identity-awareness-deployment-for-Non-AD-Member/m-p/129753#M23639 G_W_Albrecht 2021-09-20T08:13:41Z https://community.checkpoint.com/t5/General-Topics/Identity-awareness-deployment-for-Non-AD-Member/m-p/129801#M23645 <P>Access Roles can include machine identity, which will only exist for machines in AD.<BR />This should allow you to create more restrictive rules for users on machines not on AD.</P> Mon, 20 Sep 2021 16:00:54 GMT https://community.checkpoint.com/t5/General-Topics/Identity-awareness-deployment-for-Non-AD-Member/m-p/129801#M23645 PhoneBoy 2021-09-20T16:00:54Z