Identity Management Configuration Page Options

Procedure

  1. Select Configure>Security>User Firewall>Identity Management in the J-Web user interface.

    The Identity Management page appears.

    Note You cannot configure identity management if Active Directory is configured. Disable Active Directory to create an identity management profile.

    This page displays:

    • The values that you have configured for identity management. You can either edit a few values or delete the entire configuration.

    • The connection status of this SRX device with the Juniper Identity Management Service (JIMS) primary and secondary servers.

    Note If you have not configured the identity management profile, the Configure button is displayed; click Configure to create a profile.

    Table 252 explains the contents of this page.

  2. If you want to edit or delete the existing profile, click one:
    • /—Enables you to edit the existing profile.

    • X—Deletes the existing profile.

  3. Click one:
    • Finish—Saves the configuration and returns to the main configuration page.

    • Back—Displays the General Information page and enables you to edit it.

    • Cancel—Cancels your entries and returns to the main configuration page.

Table 252: Identity Management Profile Page

Field: Displays the ...

General Information

  Connection Type: type of connection (HTTP or HTTPS).

  Port Number: connection port to the JIMS server.

  Primary IP Address: primary IP address of the JIMS server.

  Primary CA Certificate: primary CA certificate of the JIMS server.

  Primary Client ID: client ID of the device used to obtain an access token from the primary JIMS server.

  Secondary IP Address: secondary IP address of the JIMS server.

  Secondary Connection Status: connection status to the secondary JIMS server.

  Secondary CA Certificate: secondary CA certificate of the JIMS server.

  Secondary Client ID: client ID of the device used to obtain an access token from the secondary JIMS server.

  Query API: path of the URL for querying user identities.

  Token API: path of the URL for acquiring an access token.

Advanced Settings

  Note: Advanced query cannot be configured when active-directory authentication or the ClearPass Web API is enabled. Disable active-directory-access and authentication-source under User-Identification, and disable webapi services, before committing the identity management configuration.

  Items per Batch: maximum number of items in one batch query.

  No IP Query: status of no-ip-query (Enabled or Disabled).

  Authentication Entry Timeout: timeout value of an authentication entry from identity management.

  No Authentication Entry Timeout

  Address-book

  Address-set

  Domain

Table 253: Configure or Edit Identity Management Profile

Field / Function / Action

General Information - Connection for Primary and Secondary Identity

  Connection Type
    Function: Specifies the type of connection that you want when the device accesses the JIMS server.
    Action: Enter a connection type. The options available are HTTPS and HTTP.

  Port
    Function: Specifies the connection port of the JIMS server.
    Action: Enter the port number, or press the up or down arrow to increment or decrement the port number. The default value is 443.

  Primary IP Address
    Function: Specifies the primary IP address of the JIMS server.

  Primary CA Certificate
    Function: Specifies the CA certificate of the primary JIMS server. The SRX device uses it to verify the JIMS server's certificate for the SSL connection.
    Action: Select Upload CA certificate to device, or specify the path of the file on the device.

  Primary CA Certificate file upload
    Function: Enables you to locate and upload the CA certificate.
    Action: Click Browse to locate the CA certificate on your device and click Upload the selected CA certificate.

  Primary Client ID
    Function: Specifies the primary client ID that the SRX device uses to obtain an access token. It must match the configuration of the API client created on JIMS.
    Action: Enter an ID.

  Primary Client Secret
    Function: Specifies the client secret that the SRX device uses to obtain an access token. It must match the configuration of the API client created on JIMS.
    Action: Enter the password that enables the device to access the primary identity management server.

  Secondary Identity Management Server
    Function: Enables a secondary JIMS server, its IP address, CA certificate, client ID, and client secret.
    Action: Select Enable to enable the secondary server.
    Note: If you enable the secondary server, the Secondary IP Address, Secondary CA Certificate file upload, Secondary Client ID, and Secondary Client Secret rows are displayed. Enter the IP address of the secondary server, browse to and upload the secondary CA certificate, and enter the secondary client ID and secret in the respective fields.

  Token API
    Function: Specifies the path of the URL for acquiring an access token.
    Action: Enter the token API path. The default is 'oauth_token/oauth'.

  Query API
    Function: Specifies the path of the URL for querying user identities.
    Action: Enter the path of the URL used for querying. The default is 'user_query/v2'.

Click Next. The Advanced Settings page is displayed.

Advanced Settings

Batch Query

  Item Per Batch
    Function: Specifies the maximum number of items in one batch query.
    Action: Enter the number of items. The range is 100 to 1000 and the default is 200.

  Query Interval
    Function: Specifies the interval for querying newly generated user identities.
    Action: Enter the number of seconds between queries. The range is 1 to 60 seconds, and the default value is 5.

IP Query

  Query Delay Time
    Function: Specifies the delay before an individual IP query is sent.
    Action: Enter the time in seconds. The range is 0 to 60 seconds. The default value is 15 seconds, which depends on the delay time of the authentication entry retrieved from JIMS to the SRX.

  No IP Query
    Function: Allows you to disable IP query.
    Action: Select this option if you want to disable the IP query function, which is enabled by default.

Authentication Timeout

  Authentication Entry Timeout
    Function: Specifies the timeout value for an authentication entry in identity management. The timeout interval begins when the authentication entry is added to the identity-management authentication table. If a value of 0 is specified, the entries never expire.
    Action: Enter the value in minutes. The value range is 0 or 10 to 1440 minutes; 0 means no timeout. The default value is 60.

  Invalid Authentication Entry Timeout
    Function: Specifies the timeout value of an invalid authentication entry in the SRX Series authentication table for either Windows Active Directory or Aruba ClearPass.
    Action: Enter the value in minutes. The value range is 0 or 10 to 1440 minutes; 0 means no timeout. The default value is 60.

Filter

  Include IP Address Book
    Function: Specifies the predefined address book from which an address set is selected as the IP filter.
    Action: Select an IP address book from the list.

  Include IP Address Set
    Function: Specifies the predefined address set selected as the IP filter.
    Action: Select an IP address set from the list. To add a new address set for the IP address book, click Add New Address Set.

  Exclude IP Address Book
    Function: Specifies the IP address book that you want the identity management profile to exclude.
    Action: Select an IP address book from the list that you want to exclude.

  Exclude IP Address Set
    Function: Specifies the predefined address set that you want the identity management profile to exclude.
    Action: Select an IP address set from the list that you want to exclude.

  Filter to Domain
    Function: Specifies one or more Active Directory domains of interest to the SRX Series device. You can specify up to twenty domain names for the filter.
    Action: Enter the domain names separated by commas.
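The value ranges and dependencies listed in Tables 252 and 253 are easy to get wrong when a profile is prepared offline; the following added example (not Juniper code; the dictionary keys and the constructed sample profile are assumptions for this example) checks a profile against those constraints, including the security-relevant one that an HTTPS connection needs the JIMS CA certificate the SRX uses to verify the server.

```python
# Added example: validate a JIMS identity-management profile against the
# constraints documented above. The key names are an assumption for this
# example, not the J-Web or Junos configuration schema.

PROFILE_DEFAULTS = {
    "connection_type": "HTTPS", "port": 443, "secondary_enabled": False,
    "items_per_batch": 200, "query_interval": 5, "query_delay_time": 15,
    "auth_entry_timeout": 60, "invalid_auth_entry_timeout": 60,
    "filter_domains": [],
}

def _in_range(value, low, high):
    return isinstance(value, int) and low <= value <= high

def _timeout_ok(value):
    # 0 disables the timeout; otherwise 10 to 1440 minutes
    return value == 0 or _in_range(value, 10, 1440)

def validate_profile(profile, active_directory_enabled=False):
    """Return a list of problems; an empty list means the profile is acceptable."""
    cfg = {**PROFILE_DEFAULTS, **profile}
    problems = []
    if active_directory_enabled:
        problems.append("active directory is configured; disable it first")
    if cfg["connection_type"] not in ("HTTP", "HTTPS"):
        problems.append("connection type must be HTTP or HTTPS")
    if not _in_range(cfg["port"], 1, 65535):
        problems.append("port must be 1-65535")
    for role in ("primary", "secondary"):
        if role == "secondary" and not cfg["secondary_enabled"]:
            continue
        for key in ("ip_address", "client_id", "client_secret"):
            if not cfg.get(f"{role}_{key}"):
                problems.append(f"{role} {key} is required")
        # Over HTTPS the SRX verifies the JIMS certificate against this CA
        if cfg["connection_type"] == "HTTPS" and not cfg.get(f"{role}_ca_certificate"):
            problems.append(f"{role} CA certificate is required for HTTPS")
    if not _in_range(cfg["items_per_batch"], 100, 1000):
        problems.append("items per batch must be 100-1000")
    if not _in_range(cfg["query_interval"], 1, 60):
        problems.append("query interval must be 1-60 seconds")
    if not _in_range(cfg["query_delay_time"], 0, 60):
        problems.append("query delay time must be 0-60 seconds")
    for key in ("auth_entry_timeout", "invalid_auth_entry_timeout"):
        if not _timeout_ok(cfg[key]):
            problems.append(f"{key} must be 0 or 10-1440 minutes")
    if len(cfg["filter_domains"]) > 20:
        problems.append("at most twenty domain names may be filtered")
    return problems

# Constructed sample profile (placeholder values, not a real deployment)
SAMPLE_PROFILE = {"primary_ip_address": "192.0.2.10", "primary_client_id": "srx-1",
                  "primary_client_secret": "placeholder", "primary_ca_certificate": "jims-ca.pem"}
```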
