Showing results for 
Search instead for 
Did you mean: 
Create a Post

Identity Awareness in-depth explanation?


I wonder is there any in-depth explanation available of Identity Awareness - especially in respect how PDP and PEP work together, how the Identity Sharing actually works?

When you use pdp/pep commands, you have some output, but is somewhere explained what it means? Eg. what about the "network to PDP mapping table" and the "network registrations table"?

To have documentation of this would make troubleshooting IA issues much easier.



Tags (1)
2 Replies

Re: Identity Awareness in-depth explanation?

Hi Markus,

I would recommend starting with Identity Awareness admin guide

R80.10 guide:

Identity Awareness R80.10 Administration Guide 

Your questions are regarding Identity Sharing and I suggest reading more about it.

In few words, Identity Awareness is divided into 3 main entities:

  1. Identity Source - responsible to acquire the identity information from an external resource.
  2. PDP - responsible to communicate with the identity source, performs LDAP query to get the identity group membership, access roles matching and sharing with PEP.
  3. PEP - responsible to the identity enforcement part.

The protocol which transfer identities between PDP to PEP is the "Identity Sharing".


Royi Priov

Team Leader, Identity Awareness R&D.

Royi Priov
Group manager, Identity Awareness R&D
0 Kudos