VPN Cert Auth - Read OU for User Groups

Hi All,

We are implementing certificate authentication for remote VPN without LDAP and AD. ISE is the identity store and we are using ISE's CA feature.

The authentication is working fine, as auth is going internally in the firewall, but we also need user groups for policy management.

I wonder if it is possible to configure CP to read the OU from the cert and add users to groups based on the OU?

Thanks in advance!

Accepted Solutions

I believe we can only retrieve groups from LDAP.
However, if you're integrating with Cisco ISE, you should be able to use Identity Tags as a group source.
See: https://community.checkpoint.com/t5/Policy-Management/How-to-use-Identity-Awareness-Tags-in-R80-20-M... 
