push-to-identity-management
Syntax
push-to-identity-management;
Hierarchy Level
[edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit firewall-authentication]
Description
Configure JIMS with the SRX Series Firewall to push authentication entries that
have a successful authentication state to the Juniper Identity Management Service
(JIMS) server, and to view the JIMS status online. For more information, see
Configuration of JIMS with SRX Series Firewall. You use the
push-to-identity-management statement in conjunction with the query-api/user
statement, which sets the path of the URL for querying user identities.
When the SRX Series Firewall does not have authentication information for a user
based on the user’s IP address, it can force the user to authenticate through
captive portal to obtain the user ID information and authenticate the user. If a
security policy that specifies firewall authentication is configured with the
push-to-identity-management statement, the user information is
pushed to the Juniper Identity Management Service server.
After you push the entry to the Juniper Identity Management Service server, you can use the batch query function to obtain authentication information for that user from the Juniper Identity Management Service server, including the groups that the user belongs to.
- For push-to-identity-management to successfully push the authentication entry to JIMS, you must configure JIMS and verify that JIMS status is online.
- The SRX Series Firewall does not update the authentication-entry time-out state to Juniper Identity Management Service.
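The following audit script is an added example, not part of the Juniper documentation: it scans a configuration in display-set form for policies that carry push-to-identity-management and flags them when no JIMS connection is configured. The zone, policy and profile names are constructed, and the services user-identification identity-management connection hierarchy used to detect a JIMS configuration is an assumption that this page does not state.

```python
import re

# Constructed "display set" sample; zone, policy and profile names are made up.
SAMPLE_CONFIG = """\
set security policies from-zone trust to-zone untrust policy p1 match source-address any
set security policies from-zone trust to-zone untrust policy p1 then permit firewall-authentication pass-through access-profile profile1
set security policies from-zone trust to-zone untrust policy p1 then permit firewall-authentication push-to-identity-management
set security policies from-zone guest to-zone untrust policy p2 then permit firewall-authentication pass-through access-profile profile1
"""

# Statement at the hierarchy level given on this page.
PUSH_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"then permit firewall-authentication push-to-identity-management$"
)
# Assumption: JIMS connection settings live under this hierarchy (not stated on this page).
JIMS_PREFIX = "set services user-identification identity-management connection "


def audit(config_text):
    """Return (policies that push to JIMS, findings) for a display-set config."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    pushing = [m.groups() for m in map(PUSH_RE.match, lines) if m]
    jims_configured = any(ln.startswith(JIMS_PREFIX) for ln in lines)
    findings = []
    if not jims_configured:
        for from_zone, to_zone, policy in pushing:
            findings.append(
                f"{from_zone}->{to_zone} policy {policy}: "
                "push-to-identity-management set but no JIMS connection configured"
            )
    return pushing, findings


if __name__ == "__main__":
    pushing, findings = audit(SAMPLE_CONFIG)
    for item in findings:
        print("FINDING:", item)
```

A clean result only shows that the configuration is present; the requirement that JIMS status is online still has to be confirmed on the device.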
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 15.1X49-D100.