This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alex-
Leader Leader
Leader
‎2018-11-15 02:39 AM

Identity Awareness and OU

I admit that I am not an AD expert, and I got this question following an implementation. Version is R80.20.

So basically, the user wants to be able to to use OU as objects in the policy. The closest I could get to their request is to match machines based on a search on the OU, which return an AD group. However the user would really like to use directly OU but I'm not certain about the implementation that's requested, since in my opinion if you create an acces role and search for machines based on OU, this boils down to the same thing.

TL;DR: is it possible to create just OU objects in a policy to identify machines?

0 Kudos
3 Replies
Kaspars_Zibarts
Employee Employee
Employee
‎2018-11-15 03:35 AM

As far as I know you can only implement CNs (common names, i.e groups, user names or machines) but not OUs.

Royi Priov‌ can hopefully provide 100% answer Smiley Happy

0 Kudos
Royi_Priov
Employee
Employee
‎2018-11-15 04:03 AM

Kaspars Zibarts‌ thanks for tagging me!

Hi Alex,

Yes, it's possible.

First, you need to create an LDAP group which represents the OU DN.

Second, you should place this LDAP group in an access role.

Good luck!

Royi Priov

Team Leader, Identity Awareness R&D

Thanks,
Royi Priov
R&D Group manager, Infinity Identity
Alex-
Leader Leader
Leader
‎2018-11-15 04:28 AM
In response to Royi_Priov

Thanks Royi Priov‌ for the answer and Kaspars Zibarts‌ for bringing the expert in! Smiley Happy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events