https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-in-depth-explanation/m-p/35886#M7597 <HTML><HEAD></HEAD><BODY><P>Hi Markus,</P><P></P><P>I would recommend starting with Identity Awareness admin guide</P><P>R80.10 guide:</P><P><A class="link-titled" href="https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/html_frameset.htm" title="https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/html_frameset.htm">Identity Awareness R80.10 Administration Guide</A>&nbsp;</P><P></P><P>Your questions are regarding Identity Sharing and I suggest reading more about it.</P><P>In few words, Identity Awareness is divided into 3 main entities:</P><OL><LI>Identity Source - responsible to acquire the identity information from an external resource.</LI><LI>PDP - responsible to communicate with the identity source, performs LDAP query to get the identity group membership, access roles matching and sharing with PEP.</LI><LI>PEP - responsible to the identity enforcement part.</LI></OL><P></P><P>The protocol which transfer identities between PDP to PEP is the "Identity Sharing".</P><P></P><P>Thanks,</P><P>Royi Priov</P><P>Team Leader, Identity Awareness R&amp;D.</P></BODY></HTML> Wed, 17 Oct 2018 07:10:37 GMT Royi_Priov 2018-10-17T07:10:37Z https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-in-depth-explanation/m-p/35885#M7596 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I wonder is there any in-depth explanation available of Identity Awareness - especially in respect how PDP and PEP work together, how the Identity Sharing actually works?</P><P></P><P>When you use pdp/pep commands, you have some output, but is somewhere explained what it means? Eg. what about the "network to PDP mapping table" and the "network registrations table"?</P><P></P><P>To have documentation of this would make troubleshooting IA issues much easier.</P><P></P><P>Thanks</P><P>Markus</P></BODY></HTML> Tue, 16 Oct 2018 15:57:58 GMT https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-in-depth-explanation/m-p/35885#M7596 Markus_Marquard 2018-10-16T15:57:58Z https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-in-depth-explanation/m-p/35886#M7597 <HTML><HEAD></HEAD><BODY><P>Hi Markus,</P><P></P><P>I would recommend starting with Identity Awareness admin guide</P><P>R80.10 guide:</P><P><A class="link-titled" href="https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/html_frameset.htm" title="https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/html_frameset.htm">Identity Awareness R80.10 Administration Guide</A>&nbsp;</P><P></P><P>Your questions are regarding Identity Sharing and I suggest reading more about it.</P><P>In few words, Identity Awareness is divided into 3 main entities:</P><OL><LI>Identity Source - responsible to acquire the identity information from an external resource.</LI><LI>PDP - responsible to communicate with the identity source, performs LDAP query to get the identity group membership, access roles matching and sharing with PEP.</LI><LI>PEP - responsible to the identity enforcement part.</LI></OL><P></P><P>The protocol which transfer identities between PDP to PEP is the "Identity Sharing".</P><P></P><P>Thanks,</P><P>Royi Priov</P><P>Team Leader, Identity Awareness R&amp;D.</P></BODY></HTML> Wed, 17 Oct 2018 07:10:37 GMT https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-in-depth-explanation/m-p/35886#M7597 Royi_Priov 2018-10-17T07:10:37Z https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-in-depth-explanation/m-p/35887#M7598 <HTML><HEAD></HEAD><BODY><P>Some other valuable articles I have come across over the years <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" />&nbsp;</P><P></P><P><A class="link-titled" href="https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk86441" title="https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk86441">ATRG: Identity Awareness</A>&nbsp;</P><P><A class="link-titled" href="https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk88520" title="https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk88520">Best Practices - Identity Awareness Large Scale Deployment</A>&nbsp;</P><P><A class="link-titled" href="https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk65404" title="https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk65404">Establishing SIC trust between Identity Awareness entities managed by different Security Management Servers / Domain Man…</A>&nbsp;</P><P><A class="link-titled" href="https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk113747" title="https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk113747">How to troubleshoot Identity Awareness AD Query connectivity issues</A>&nbsp;</P></BODY></HTML> Wed, 17 Oct 2018 08:17:49 GMT https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-in-depth-explanation/m-p/35887#M7598 Kaspars_Zibarts 2018-10-17T08:17:49Z