Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Wolfgang
Authority
Authority

identity logging of internet browsing

Hello CheckMates,

we had a use case getting reports for internet browsing with user identity.
Normally this is no problem, but we have the requirement to install nothing in the customers directory service (ActiveDirectory).
Meaning no Identity Collector, no TerminalServerIdentityAgent. We can do logins or requests to the ActiveDirectory but all has to be done via external software/processes.

AD-Query will work, but this will be not more supported and does not work with the newest domain controller versions.

I've a feeling maybe captive portal is a solution but does this work for 3000-5000 users?
Does captive portal support authentication with SingleSignOn via ActiveDirectory ?
Does captive portal support authentication for users of TerminalServer (CitrixVDI, Microsoft TerminalServer) environments ?
Does captive portal support authentication if the connection seen on the gateway coming from a proxy with X_forwarding_for-flag set ?

Any other ideas ?
Identity Collector running on a server not member of this ActiveDirectory ?

Wolfgang

0 Kudos
1 Reply
Alex-
Leader Leader
Leader

If I get your question right, you can not install IC on the AD but you could on another server.

It will work as long as you get a user member of Event Log Readers group and have connectivity to both AD and FW according to the relevant SK and the firewall can do the reverse lookup.

It's usually my preferred choice of deployment, as customers never give access to their AD but would give me a dedicated server on which I could manage the IC software which doesn't require a domain admin account.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events