This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
dmartinez
Participant
Participant
‎2023-05-25 02:23 AM
Jump to solution

Identity tags from third party sources

Hello,

 

I found an old post regarding this topic but with no solution to the following issue:

 

I am integrating a third party identity source (Clearpass) via IA API and I would like to work with identity tags. The thing is that I cannot see in the IA API guide the way to create this tags in Clearpass so they can match with my Identity Tags in Check Point.

 

Would it match if the string of any attribute sent via api is the same as the value in Identity Tag "External Identifier"?

 

Thanks!!

CCSM
0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-05-25 07:11 AM
Jump to solution

As I recall it's the groups provided with the user-group field from Aruba that is matched to the identity tag (tag external identifier).

The Identity tag itself is created within Check Point and linked with an access-role referenced in the policy.

CCSM R77/R80/ELITE

View solution in original post

5 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-05-25 03:44 AM
Jump to solution

I would suggest to contact CP TAC to learn if and how this is possible ! You can later post the solution here...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-05-25 07:11 AM
Jump to solution

As I recall it's the groups provided with the user-group field from Aruba that is matched to the identity tag (tag external identifier).

The Identity tag itself is created within Check Point and linked with an access-role referenced in the policy.

CCSM R77/R80/ELITE
dmartinez
Participant
Participant
‎2023-05-25 07:29 AM
In response to Chris_Atkinson
Jump to solution

Hi Chris,

 

That makes sense. I will try by matching the tag External Identifier with the "user-group" attribute string and post the result.

 

Thanks!

CCSM
0 Kudos
dmartinez
Participant
Participant
‎2023-06-05 08:14 AM
In response to Chris_Atkinson
Jump to solution

Hello,

I have tested it and it works. The Identity Awareness API collects the string contained in the field "user-groups" and it matches it with the "External Identifyer" value of the Identity Tag.

The authentication event is correctly associated to the Access Role that contains the Identity Tag.

Thanks!!

CCSM
0 Kudos
PhoneBoy
Admin
Admin
‎2023-05-25 12:11 PM
Jump to solution

I presume it is similar to how Azure AD worked in R80.40 (before we added support for GraphAPI).
This means manually creating the tag on the Check Point side using the same name, same capitalization as the relevant group(s) defined in Clearpass.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events