Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Add a Juniper Identity Management Service Profile

You are here: Security Services > Firewall Authentication > JIMS.

To add a Juniper Identity Management Service (JIMS) profile:

  1. Click Configure on the Juniper Identity Management Service page.

    The Configure Juniper Identity Management Service Profile page appears.

  2. Complete the configuration according to the guidelines provided in Table 1.
  3. Click Finish to save the changes. If you want to discard your changes, click Cancel.
Table 1: Fields on the Configure Juniper Identity Management Service Profile Page

Field

Action

General Information
Connection for Primary and Secondary Juniper Identity Management Service

Connection Type

Select a connection type from the list. The options available are: HTTPS and HTTP.

Port

Enter the port number or press up or down arrow to either increment or decrement the port number. The default value is 443.

Primary IP Address

Enter a primary IP address of JIMS server.

Primary CA Certificate

Specifies the primary certificate of the JIMS. SRX Series Firewall will use it to verify JIMS’s certificate for SSL connection.

Select Upload CA certificate to device or specify the path of the file on device.

Primary CA Certificate file upload

Enables you to locate and upload the CA certificate.

Click Browse to locate the CA certificate on your device and click Upload the selected CA certificate.

Primary CA Certificate file path

Enter a file path of the primary CA certificate.

Primary Client ID

Enter a primary client ID of the SRX Series Firewall to obtain access token. It must be consistent with the configuration of the API client created on JIMS.

Primary Client Secret

Enter a password which enables you to access the primary identity management server.

Specifies the client secret of the SRX Series Firewall to obtain access token. It must be consistent with the configuration of the API client created on JIMS.

Secondary Juniper Identity Management Service Server

Enables a secondary JIMS server, its IP address, CA certificate, client ID, and client secret.

Note:

If you enable, the Secondary IP Address, Secondary CA Certificate file upload, Secondary Client ID, Secondary Client Secret rows are displayed. Enter the IP address of the secondary server, browse and upload the secondary CA certificate, enter the secondary client ID and secret in the respective fields.

Token API

Enter the token API to specify the path of the URL for acquiring access token.

Default is ’oauth_token/oauth’.

Query API

Enter the path where the URL for querying user identities is located. Default is ‘user_query/v2’.

Click Next. The Advanced Settings page is displayed.

Advanced Settings
Batch Query

Item Per Batch

Specifies the maximum number of items in one batch query.

Enter the number of items. Range is 100 to 1000 and the default number is 200.

Query Interval

Specifies the interval for querying the newly generated user identities.

Enter the number of seconds you need between each query. The range is 1 through 60 (seconds), and the default value is 5.

IP Query

Query Delay Time

Specifies the time delay to send individual IP query.

Enter the time in seconds. The range is 0~60 (seconds). The default value is 15 seconds, which depends on the delay time of auth entry retrieved from JIMS to SRX.

No IP Query

Select the check box if you want to disable the IP query function that is enabled by default.

Authentication Timeout

Authentication Entry Timeout

Enter the value in minutes. The value range is 0 or 10~1440 (minutes). 0 means no need for a timeout. the default value is 60.

Specifies the time out value for authentication entry in identity management. The timeout interval begins from when the authentication entry is added to the identity-management authentication table. If a value of 0 is specified, the entries will never expire.

Invalid Authentication Entry Timeout

Enter the value in minutes. The value range is 0 or 10~1440 (minutes). 0 means no need for a timeout. the default value is 60.

Specifies the timeout value of invalid auth entry in the SRX Series authentication table for either Windows active directory or Aruba ClearPass.

Filter
Note:

You can select address set with maximum of 20 IP addresses and address set with wild card addresses.

Include IP Address Book

Select an IP address book from the predefined address book in which an address set must be selected as IP filter.

Include IP Address Set

Specifies the predefined address set selected as IP filter.

Select an IP address set from the list.

To add a new address set for the IP address book, click Add New Address Set.

Exclude IP Address Book

Select an IP address book that you want identity management profile to exclude.

Exclude IP Address Set

Select the predefined address set that you want identity management profile to exclude.

Filter to Domain

Enter one or more active directory domains, to the SRX Series device. You can specify up to twenty domain names for the filter.