Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
JordanF
Explorer
Jump to solution

Identity Awareness / Identity Collector and Azure AD / Autopilot devices

Hello,

We are going to deploy Identity Awareness with Identity collector solution to collect users information.
This solution seems to be efficient for a large scale enterprise who use standard AD. But we are also moving to Azure AD with Autopilot devices.

How does IDA fit into this environment ? I can see it is compatible with captive portal, but this one is not a solution for us.
Do we have a way to collect identities from Azure AD as the collector do ?

Thank you.

Regards,
Jordan

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin

Unfortunately, Azure AD is not part of the supported sources for Identity Collector. Here is the quote from sk108235

The identities are collected from these servers:

  • Microsoft Active Directory Domain Controllers:
    - Windows Server 2008
    - Windows Server 2008 R2
    - Windows Server 2012
    - Windows Server 2012 R2
    - Windows Server 2016
    - Windows Server 2019
    - Windows Server 2022
  • Cisco Identity Services Engine (ISE) Servers, versions 2.0, 2.1, 2.2, 2.3, 2.4, 2.6, 2.7, 3.0, and 3.1
  • Syslog messages (requires R80.20 Security Gateway)
  • NetIQ eDirectory 8.8 (requires R80.20 Security Gateway)

You can raise an RFE with your local Check Point office

View solution in original post

0 Kudos
8 Replies
PhoneBoy
Admin
Admin

Identity Collector only works with on-premise AD, to the best of my knowledge.
@Royi_Priov can you or someone on your team confirm?

0 Kudos
CheckPointerXL
Advisor
Advisor

+1 to the question

My case is a little bit different, customer wanna deploy IC on win server to Azure and pull/push identities from/to gateway/AD-on-prem

what do you think about this design?

 
 
 
f_wild15
Participant

Anyone with this use case ? 

0 Kudos
Jones
Collaborator
Collaborator

I'm facing a similar case. Did your design work like you suggested?

0 Kudos
f_wild15
Participant

Hi, 

 

Yes it's working well. 
Windows servers are deployed in Azure with Identity Collector installed on them (like you do onprem)

Ensure that you open all flows in Azure (Firewalls + NSG) if needed

0 Kudos
Jones
Collaborator
Collaborator

Hi, did you also use the Windows server in Azure with the Identity Collector to connect to Azure AD solution or only to the onprem AD?

0 Kudos
f_wild15
Participant

As _Val_ mentionned below, AzureAD is not supported in Identitty Collector. 

 

I am only collecting from Active Directory servers with my IA servers installed in Azure. 

0 Kudos
_Val_
Admin
Admin

Unfortunately, Azure AD is not part of the supported sources for Identity Collector. Here is the quote from sk108235

The identities are collected from these servers:

  • Microsoft Active Directory Domain Controllers:
    - Windows Server 2008
    - Windows Server 2008 R2
    - Windows Server 2012
    - Windows Server 2012 R2
    - Windows Server 2016
    - Windows Server 2019
    - Windows Server 2022
  • Cisco Identity Services Engine (ISE) Servers, versions 2.0, 2.1, 2.2, 2.3, 2.4, 2.6, 2.7, 3.0, and 3.1
  • Syslog messages (requires R80.20 Security Gateway)
  • NetIQ eDirectory 8.8 (requires R80.20 Security Gateway)

You can raise an RFE with your local Check Point office

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events