Configuring the Advanced Query Feature for Obtaining User Identity Information from JIMS

 

Configuring the advanced query feature involves the following tasks:

Configuring the Advanced Query Feature for Obtaining User Identity Information from JIMS

When the advanced user query feature is configured, the device can query JIMS and add identity information to the local Active Directory authentication table.

Follow the steps below to configure the advanced query feature:

  1. Configure the IP address of the primary JIMS server.
  2. Configure the client ID that the device presents to the primary JIMS server when authenticating to it.
  3. Configure the client secret that the device presents to the primary JIMS server when authenticating to it.
  4. Configure the IP address of the secondary JIMS server.
  5. Configure the client ID that the device presents to the secondary JIMS server when authenticating to it.
  6. Configure the client secret that the device presents to the secondary JIMS server when authenticating to it.
  7. Configure the maximum number of user identity items that the device accepts in one batch in response to the query.
  8. Configure the interval, in seconds, after which the device issues a query request for newly generated user identities.
  9. Configure the Active Directory domains of interest to the device. You can specify up to twenty domain names for the filter.
  10. Configure the address book name to include the IP filter.
  11. Configure the referenced address set.
  12. Configure the trace option file name.
  13. Configure the trace file size.
  14. Configure the level of debugging output.
  15. Configure identity management tracing for all modules.

Configure Security Policy Parameters to Match the User Identity Information Obtained from JIMS

To configure the security policy:

  1. Configure the authentication source for the device identity feature to work.
  2. Configure the device identity profile.
  3. Configure the domain name to which the device belongs.
  4. Create a source address for a security policy.
  5. Create a destination address for a security policy.
  6. Configure the port-based application to match the policy.
  7. Define a username or a role (group) name that JIMS sends to the device. Example: "jims-dom1.local\user1".
  8. Permit the packet if the policy matches.
  9. Configure the session initiation time.
  10. Configure the session close time.
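
The two procedures above written out as Junos `set` commands, as an added example that is not part of the original page. The addresses, client IDs, secret placeholders, zone, policy, profile, address-book and trace file names are constructed values, and the statement hierarchy is given as an assumption to check against your Junos release.

```junos
# Added example. All values are constructed; 192.0.2.0/24 is a documentation range.

# JIMS connection, primary and secondary (steps 1-6)
set services user-identification identity-management connection primary address 192.0.2.10
set services user-identification identity-management connection primary client-id srx-client-1
set services user-identification identity-management connection primary client-secret "<PRIMARY-SECRET>"
set services user-identification identity-management connection secondary address 192.0.2.11
set services user-identification identity-management connection secondary client-id srx-client-1
set services user-identification identity-management connection secondary client-secret "<SECONDARY-SECRET>"

# Batch size and query interval in seconds (steps 7-8)
set services user-identification identity-management batch-query items-per-batch 500
set services user-identification identity-management batch-query query-interval 5

# Domain filter (up to twenty names) and IP filter (steps 9-11)
# The address book and address set must already exist under "security address-book".
set services user-identification identity-management filter domain jims-dom1.local
set services user-identification identity-management filter include-ip address-book jims-book address-set jims-clients

# Tracing: file name, file size, level, all modules (steps 12-15)
set services user-identification identity-management traceoptions file jims-trace size 10m
set services user-identification identity-management traceoptions level all
set services user-identification identity-management traceoptions flag all

# Security policy: authentication source, device identity profile, domain (steps 1-3)
set services user-identification device-information authentication-source network-access-controller
set services user-identification device-information end-user-profile profile-name profile1 domain-name jims-dom1.local

# Match conditions, identity, action and session logging (steps 4-10)
set security policies from-zone trust to-zone untrust policy p1 match source-address any
set security policies from-zone trust to-zone untrust policy p1 match destination-address any
set security policies from-zone trust to-zone untrust policy p1 match application any
set security policies from-zone trust to-zone untrust policy p1 match source-identity "jims-dom1.local\user1"
set security policies from-zone trust to-zone untrust policy p1 then permit
set security policies from-zone trust to-zone untrust policy p1 then log session-init
set security policies from-zone trust to-zone untrust policy p1 then log session-close
```

Treat the client secret as a credential and keep it out of saved scripts and tickets; lower the trace level from `all` once troubleshooting is finished, since full tracing of identity management records user and address data to the trace file.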