This feature is available for R80.10 Gateways and above.
![](/legacyfs/online/checkpoint/67983_2 identity tag object.png)
The new Identity Tag object gives you tag-based identification in your Access Control Policy.
Supported tag sources:
- Cisco ISE Security Groups
- Check Point Identity Awareness Portal and API
Step 1: Create a new Identity Tag in SmartConsole
![](/legacyfs/online/checkpoint/67984_1 new tag.png)
![](/legacyfs/online/checkpoint/67988_2 identity tag object.png)
Step 2: Create an Access Role object and select this Identity Tag
![](/legacyfs/online/checkpoint/67989_3 use them in access roles.png)
![](/legacyfs/online/checkpoint/67991_5 use them in access roles.png)
Step 3: Use this Access Role object in your Access Control Policy.
![](/legacyfs/online/checkpoint/67992_6 use them in security policies.png)
Step 4: Publish your changes, and Install Policy.
Tell us what you think about this new feature in the comments below.