Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

User Information Source Overview

 

You can configure a user information source to enable user information collection from an Identity and Access Management endpoint.

An Identity and Access Management endpoint is a product that collects and manages electronic user identities, group memberships, and access permissions. These endpoints are called user information sources.

Use the following utilities to configure and manage user information sources:

  • Tivoli Directory Integrator - You must install and configure a Tivoli Directory Integrator on a non-JSA host.

  • UISConfigUtil.sh - Use this utility to create, retrieve, update, or delete user information sources. You can use user information sources to integrate JSA using a Tivoli Directory Integrator server.

  • GetUserInfo.sh - Use this utility to collect user information from a user information source and store the information in a reference data collection. You can use this utility to collect user information on demand or on a schedule.

User Information Sources

A user information source is a configurable component that enables communication with an endpoint to retrieve user and group information.

JSA systems support the following user information sources:

Table 1: Supported Information Sources

Information Source

Information that is collected

MicrosoftWindows Active Directory (AD), version 2008 - MicrosoftWindows AD is a directory service that authenticates and authorizes all users and computers that use your Windows network.

  • full_name

  • user_name

  • user_principal_name

  • family_name

  • given_name

  • account_is_disabled

  • account_is_locked

  • password_is_expired

  • password_can_not_be_changed

  • no_password_expired

  • password_does_not_expire

Reference Data Collections for User Information

This topic provides information about how reference data collections store data collected from user information sources.

When JSA collects information from a user information source, it automatically creates a reference data collection to store the information. The name of the reference data collection is derived from the user information source group name. For example, a reference data collection that is collected from MicrosoftWindows AD might be named Domain Admins.

The reference data collection type is a Map of Maps. In a Reference Map of Maps, data is stored in records that map one key to another key, which is then mapped to a single value.

For example:

  • #

  • # Domain Admins

  • # key1,key2,data

  • smith_j,Full Name,John Smith

  • smith_j,account_is_disabled,0

  • smith_j,account_is_locked,0

  • smith_j,account_is_locked,1

  • smith_j,password_does_not_expire,1

Integration Workflow Example

After user and group information is collected and stored in a reference data collection, there are many ways in which you can use the data in JSA.

You can create meaningful reports and alerts that characterize user adherence to your company's security policies.

Note

If you want to collect application security logs, you must create a Device Support Module (DSM). For more information, see the Juniper Secure Analytics Configuring DSMs Guide.

User Information Source Configuration and Management Task Overview

To initially integrate user information sources, you must perform the following tasks:

  1. Configure a Tivoli Directory Integrator server. See Configuring the Tivoli Directory Integrator Server.

  2. Create and manage user information sources. See Creating and Managing User Information Source.

  3. Collect user information. See Collecting User Information.