NorthernNetGuy
Advisor

Identity Collector Single User assumption

Does Identity Collector have the ability to assume that only one user is connected per computer, as AD Query does?

I like that Identity Collector can ignore RDP events from the initiating computer, but I'm unsure if it has the ability to do single user assumption, or if this is assumed by default. We have many shared computers where we want the currently logged-in user to be the assumed single user.

1 Solution

Accepted Solutions
Royi_Priov
Employee

Kaspars Zibarts - thanks for tagging me.

Hi David,

PDP saves only one user and machine per IP.

It means that the "Assume that only one user is connected per computer" option (which is configurable in AD Query) is always enabled in Identity Collector.

I saw you have mentioned this is the desired behavior for you. If someone needs this to be changed (to be configurable), you are welcome to open an RFE with your local office and discuss it with me.

Thanks,

Royi Priov - Identity Awareness R&D.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D


9 Replies
Kaspars_Zibarts
Employee

It's partially true. Only a single user is supported per IP address, but the latest security event will determine the user-IP association. For example, user A is currently associated with IP x.x.x.x. Then this user runs an application as another user B on the same machine. That will trigger a security event that will be passed on to IDC, and as a result IP x.x.x.x will now be associated with user B.

At least that's how it works for us, and it is causing headaches as we typically have two user IDs on a machine. I know that a version that supports two user IDs per IP is coming out, but it doesn't sound like that will help you.

Royi Priov might have better comments

NorthernNetGuy
Advisor

Are you saying that the Identity Collector does single user assumption? For example, the most recent user login event for an IP is the one that is associated with the IP, and previous user associations are revoked.

This is the only case I need from Identity Collector, as I can make exemptions for any machines that have simultaneous remote sessions (for us would only be a few servers, all other computers only allow one user signed in at a time).

Kaspars_Zibarts
Employee

That's correct, sir! I was about to suggest an exclusion list but left it out. Great to hear if it works for you.
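A minimal Python model of the behaviour described in the posts above (one identity per IP, the latest logon event wins, with an exclusion list for multi-session machines), added here as an illustration; it is not Check Point code. The event tuples, IP addresses, user names and function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample logon events (time, source IP, user); not real log data.
EVENTS = [
    ("09:00", "10.0.0.5", "alice"),
    ("09:10", "10.0.0.5", "svc_admin"),  # alice runs an application as another user
    ("09:15", "10.0.0.7", "bob"),
    ("09:20", "10.0.0.9", "carol"),      # server with simultaneous remote sessions
    ("09:21", "10.0.0.9", "dave"),
    ("09:30", "10.0.0.5", "alice"),
]


def associate(events, excluded_ips=()):
    """Model one-identity-per-IP: the latest event for an IP replaces the previous user.

    Returns (table, history): table maps IP -> current user, history maps
    IP -> ordered list of users that held the association.
    """
    excluded = set(excluded_ips)
    table, history = {}, defaultdict(list)
    for _time, ip, user in events:
        if ip in excluded:
            continue  # events from excluded machines never create an association
        if table.get(ip) != user:
            history[ip].append(user)  # record each change of identity for this IP
        table[ip] = user
    return table, dict(history)


def flapping_ips(history):
    """IPs whose association changed at least once: candidates for the exclusion list."""
    return sorted(ip for ip, users in history.items() if len(users) > 1)


if __name__ == "__main__":
    table, history = associate(EVENTS)
    print("current associations:", table)
    print("IPs that changed identity:", flapping_ips(history))
    table, history = associate(EVENTS, excluded_ips=["10.0.0.9"])
    print("with 10.0.0.9 excluded:", table, flapping_ips(history))
```
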

SerB
Explorer

> At least that's how it works for us, and it is causing headaches as we typically have two user IDs on a machine. I know that a version that supports two user IDs per IP is coming out, but it doesn't sound like that will help you.

Did they add this? I've been searching for information today and all I was able to find was your old message.

THHQ_IT_Ops
Explorer

Hi Royi Priov,

Sorry to get back on this old topic, but I need some clarifications on "Single User Assumption" on Identity Collector.

We were using AD Query as the Identity Awareness source with the option "Assume that only one user is connected per computer" disabled; we are currently on version R80.40.

Recently we decided to migrate to Identity Collector instead. It works well, but we noted that now there is only one identity per IP identified by Identity Awareness. We checked the Gateway and Identity Collector settings, and it seems that with this method there is no possibility to have multiple identities for one IP.

Do you confirm Identity Collector only works like that?

Is there a hidden setting to allow multiple IDs per IP with Identity Collector?

Best Regards.

Paulo

Luis_Esteban
Participant

Hi,

We're in the same situation as THHQ_IT_Ops. Is there a possibility to allow more than one identity per IP when using Identity Collector? Or should I survive with that issue?

Thanks in advance

PhoneBoy
Admin

Multiple users are supported on Windows 10 by deploying MUHv2 to the relevant machines:
See: https://support.checkpoint.com/results/sk/sk177024 
Without deploying an agent, I believe this is still an RFE that should be addressed with your local Check Point office.
