Identity Detection - Best option? - Page 2

May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

Paradigm Shifts: Adventures Unleashed!
Capture Your Adventure for a Chance to WIN!

Join the Photo Contest!

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

We have a unique environment, and are having troubles identifying the best way to enforce role based access. Here are the problems I'm seeing with each Identity Awareness source:

Browser-Based: We don't want users to do browser based authentication every login.

AD Query: Assume single user host causes and RDP casuses RDP session account to override current login, and service account exemption isn't feasible for our structure.

Identity Agent: Doesn't support fast user switching

Terminal Server Agent - Doesn't support windows 10 Secureboot

Radius Accounting - We don't have radius auth configured for wired users yet.

Identity Collector - Doesn't support 2003 domain controllers (yes, I know, we are trying to upgrade)

Identity Web API - we would configure with Aruba Clearpass, but again isn't configured for wired users.

User Directory - Can it do user group detection, and handle multi user hosts? I think this is just for configuring LDAP accounts

I'm in quite a pickle on how to enforce access. Our previous TMG 2010 gateway used a proxy client to enforce access.