dmartinez
Participant

Identity tags from third party sources

Hello,

 

I found an old post regarding this topic but with no solution to the following issue:

 

I am integrating a third-party identity source (Clearpass) via IA API and I would like to work with identity tags. The thing is that I cannot see in the IA API guide the way to create these tags in Clearpass so they can match with my Identity Tags in Check Point.

 

Would it match if the string of any attribute sent via API is the same as the value in Identity Tag "External Identifier"?

 

Thanks!!

CCSM
0 Kudos

Accepted Solutions
Chris_Atkinson
Employee

As I recall it's the groups provided with the user-group field from Aruba that is matched to the identity tag (tag external identifier).

The Identity tag itself is created within Check Point and linked with an access-role referenced in the policy.

CCSM R77/R80/ELITE

5 Replies
G_W_Albrecht
Legend

I would suggest contacting CP TAC to learn if and how this is possible! You can later post the solution here...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
dmartinez
Participant

Hi Chris,

 

That makes sense. I will try by matching the tag External Identifier with the "user-group" attribute string and post the result.

 

Thanks!

CCSM
0 Kudos
dmartinez
Participant

Hello,

I have tested it and it works. The Identity Awareness API collects the string contained in the field "user-groups" and it matches it with the "External Identifier" value of the Identity Tag.

The authentication event is correctly associated to the Access Role that contains the Identity Tag.

Thanks!!

CCSM
0 Kudos
PhoneBoy
Admin

I presume it is similar to how Azure AD worked in R80.40 (before we added support for GraphAPI).
This means manually creating the tag on the Check Point side using the same name, same capitalization as the relevant group(s) defined in Clearpass.

0 Kudos
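
A pre-flight check for the matching described in this thread, as an added example that is not part of any post and is not Check Point or Aruba code: it compares the strings in an event's "user-groups" field with the Identity Tag External Identifiers and flags near-misses that differ only in case or surrounding whitespace. It assumes the match is exact and case-sensitive, as presumed in the last reply; the sample payload, its keys other than "user-groups", the tag values and all function names are constructed for illustration.

```python
import json
import unicodedata

# Constructed sample: External Identifier values of the Identity Tags
# created on the Check Point side (hypothetical names).
TAG_EXTERNAL_IDS = ["Finance-Users", "Net-Admins", "Guests"]

# Constructed sample event body. Only "user-groups" is named in the thread;
# the other keys are assumed here for illustration.
SAMPLE_EVENT = json.dumps({
    "user": "jdoe",
    "ip-address": "192.0.2.10",
    "user-groups": ["Finance-Users", "net-admins", "Guests ", "Contractors"],
})

def _fold(s):
    """Normalise for near-miss detection only: Unicode form, whitespace, case."""
    return unicodedata.normalize("NFKC", s).strip().casefold()

def classify_groups(event_json, tag_ids):
    """Map each group in the event to (status, tag): 'match', 'near-miss' or 'no-tag'."""
    groups = json.loads(event_json).get("user-groups", [])
    if isinstance(groups, str):  # tolerate a single string instead of a list
        groups = [groups]
    exact = set(tag_ids)
    folded = {_fold(t): t for t in tag_ids}
    report = {}
    for g in groups:
        if g in exact:
            report[g] = ("match", g)  # byte-for-byte identical to a tag
        elif _fold(g) in folded:
            report[g] = ("near-miss", folded[_fold(g)])  # differs in case/whitespace
        else:
            report[g] = ("no-tag", None)  # no tag defined for this group
    return report

def unmatched_tags(event_json, tag_ids):
    """Tags that no group in the event matches exactly."""
    hits = {t for s, t in classify_groups(event_json, tag_ids).values() if s == "match"}
    return [t for t in tag_ids if t not in hits]

if __name__ == "__main__":
    for group, (status, tag) in classify_groups(SAMPLE_EVENT, TAG_EXTERNAL_IDS).items():
        print(f"{group!r:18} {status:10} {tag or ''}")
```

A "near-miss" row is the case to fix first: the group exists on both sides, but under the exact-match assumption the session would not be associated with the Access Role that contains the tag.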
