Statement introduced in Junos OS Release 15.1X49-D100.
Configure firewall authentication to push authentication entries with a successful authentication state to the Juniper Identity Management Service server. You use this statement in conjunction with the query-api/user statement, which sets the path of the URL for querying user identities.
When the SRX Series device does not have authentication information for a user based on the user’s IP address, it can force the user to authenticate through captive portal to obtain the user ID information and authenticate the user. If a security policy that specifies firewall authentication is configured with the push-to-identity-management statement, the user information is pushed to the Juniper Identity Management Service server.
After you push the entry to the Juniper Identity Management Service server, you can use the batch query function to obtain authentication information for that user from the Juniper Identity Management Service server, including the groups that the user belongs to.
The SRX Series device does not update the authentication-entry time-out state to Juniper Identity Management Service.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.