push-to-identity-management
Syntax
push-to-identity-management;
Hierarchy Level
[edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit firewall-authentication]
Description
Configure firewall authentication to push authentication entries with a successful authentication state to the Juniper Identity Management Service server. You use this statement in conjunction with the query-api/user statement, which sets the path of the URL for querying user identities.
When the SRX Series Firewall does not have authentication information for a user based on the user’s IP address, it can force the user to authenticate through captive portal to obtain the user ID information and authenticate the user. If a security policy that specifies firewall authentication is configured with the push-to-identity-management statement, the user information is pushed to the Juniper Identity Management Service server.
After you push the entry to the Juniper Identity Management Service server, you can use the batch query function to obtain authentication information for that user from the Juniper Identity Management Service server, including the groups that the user belongs to.
The SRX Series Firewall does not update the authentication-entry time-out state to Juniper Identity Management Service.
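The following Python sketch is an added example, not Juniper code. It scans a configuration exported in set-command form and lists the policies at the hierarchy level above that use firewall authentication without push-to-identity-management. The sample configuration is constructed, and its zone, policy and access-profile names are hypothetical.

```python
import re
from collections import defaultdict

# Matches the hierarchy level given on this page, in set-command form.
FWAUTH = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"then permit firewall-authentication(?:\s+(.*))?$"
)

def audit_push(config_text):
    """Map (from_zone, to_zone, policy) -> True if the policy pushes
    firewall-authentication entries to identity management."""
    seen = defaultdict(bool)
    for raw in config_text.splitlines():
        m = FWAUTH.match(raw.strip())
        if not m:
            continue  # not a firewall-authentication line
        key = m.group(1, 2, 3)
        rest = (m.group(4) or "").split()
        seen[key] |= bool(rest) and rest[0] == "push-to-identity-management"
    return dict(seen)

def missing_push(config_text):
    """Policies that authenticate users but never push the entry."""
    return sorted(k for k, pushed in audit_push(config_text).items() if not pushed)

# Constructed sample configuration (all names are hypothetical).
SAMPLE = """\
set security policies from-zone trust to-zone untrust policy guest-web match source-address any
set security policies from-zone trust to-zone untrust policy guest-web then permit firewall-authentication pass-through access-profile portal-users
set security policies from-zone trust to-zone untrust policy guest-web then permit firewall-authentication push-to-identity-management
set security policies from-zone trust to-zone dmz policy lab-access then permit firewall-authentication pass-through access-profile portal-users
set security policies from-zone trust to-zone untrust policy open-dns then permit
"""

if __name__ == "__main__":
    for from_zone, to_zone, policy in missing_push(SAMPLE):
        print(f"{from_zone} -> {to_zone} policy {policy}: "
              "firewall-authentication without push-to-identity-management")
```

Users authenticated by a policy this reports are known only to the firewall, so a later batch query to the Juniper Identity Management Service server returns nothing for them.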
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 15.1X49-D100.