Identity collector and user directory relation
Hello Experts,
I need clarification on identity collector and user directory relations while identifying a user and mapping that user to the right access role.
Basically, we have configured it to get identity with multiple AD servers with the help of an identity collector.
Sometimes we have issues with a user who is configured with some user access role like identity-Facebook-user (this group is using the LDAP user inside it).
What I would like to understand is the usage of the user directory option in each gateway.
By default all user directories are selected. Should I select the user directory which is related to each gateway and set the priority on each gateway object to make it work every time?
Attaching a screenshot of the user directory setting.
The use case is not clear. Please elaborate with more details and desired results.
Hello Val,
Thanks for the quick reply.
The use case is simple:
to create a user access role based on LDAP group membership and then apply the user access role to the Firewall (application+url blade) to filter some traffic like Facebook or allow something like Dropbox.
Access works some of the time, and sometimes the end user just loses their access role while checking pdp m user info in the gateway.
The user shows as an identified user, but the access role which I had applied in the past is lost for some reason.
Thanks
How do you build your rulebase? How do you configure your Identity collector? What is the version in use?
Do some reading in regards to AD Global Catalog (sk134292), as you might want to use that too.
It can happen that in some cases the user is identified correctly, but the mapping to the AD group is not happening. This could be because a search of AD groups for that particular user is not returning the proper group, either because it's not finding it or because the AD group is chained and it can go to a certain depth.
Can you provide screenshots with a user identified and mapped properly and one that is not?
ty,
PS: we have similar behavior with identities received from ISE and with Global Catalog we should fix that. (still in PoC/tests)
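The nested-group effect described in the reply above, as an added example that is not part of the original post and is not Check Point code: a simplified model of group lookup with a depth limit shows how a user can be identified yet never matched to the group behind an access role. The directory data is constructed, and `DIRECTORY`, `resolve_groups`, `audit` and `max_depth` are hypothetical names.

```python
from collections import deque

# Constructed sample data: member -> groups it is a direct member of (memberOf).
DIRECTORY = {
    "alice": ["team-web"],
    "bob": ["identity-Facebook-user"],
    "team-web": ["dept-marketing"],
    "dept-marketing": ["identity-Facebook-user"],
}

# Group that the access role from the thread is assumed to be built on.
ACCESS_ROLE_GROUP = "identity-Facebook-user"


def resolve_groups(user, directory, max_depth):
    """Breadth-first walk of memberOf links, stopping after max_depth levels.

    max_depth=1 returns direct groups only. Returns the set of groups found.
    """
    found = set()
    queue = deque([(user, 0)])
    while queue:
        name, depth = queue.popleft()
        if depth >= max_depth:
            continue
        for group in directory.get(name, []):
            if group not in found:  # also guards against membership cycles
                found.add(group)
                queue.append((group, depth + 1))
    return found


def role_matches(user, directory, max_depth):
    """True when the role's group is reachable within the depth limit."""
    return ACCESS_ROLE_GROUP in resolve_groups(user, directory, max_depth)


def audit(users, directory, max_depth):
    """Users known to the directory who miss the role at this search depth."""
    return [u for u in users
            if u in directory and not role_matches(u, directory, max_depth)]


if __name__ == "__main__":
    for depth in (1, 2, 3):
        print(depth, audit(["alice", "bob"], DIRECTORY, depth))
```

Running the same audit against an export of real group memberships lists the users whose role depends on nesting deeper than the lookup reaches, which is the evidence worth attaching to a support case.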
I would suggest contacting TAC! Moved to Gateways as this is hardly a General Topic!