Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Create Identity Management Profiles

Use the Create Identity Management Profile page to create a JIMS profile and to obtain user identities.

To create an identity management profile:

  1. Select SRX > Identity > JIMS.

    The Identity Management Profile page appears.

  2. Click the + sign.

    The Create Identity Management Profile page appears.

  3. Complete the configuration by using the guidelines in Table 1.
  4. Click OK.
Table 1: Fields on the Create Identity Management Profile Page

Field

Description

General

Name

Enter a unique string that begins with alphanumeric characters. You can use colons, periods, dashes, and underscores. The maximum length is 62 characters.

Description

Enter a description for the identity management profile. The maximum length is 255 characters.

Primary JIMS server

Enter a valid IPv4 address of the primary JIMS server.

SRX Series Firewalls always query the primary JIMS to obtain the user identities.

Primary CA certificate path

Enter the certificate path of the primary JIMS server. The SRX Series Firewall uses this certificate to verify the certificate of the JIMS server for the SSL connection that is used for the user query function. For example: ’/var/tmp/RADIUSServerCertificate.crt’

When SRX Series Firewall does not receive the information from JIMS through the Web API POST requests, user query enables the SRX Series Firewall to query JIMS for authentication and identity information for an individual user.

Secondary Identity

Enable this option to use the secondary JIMS server as a fallback when the primary JIMS server fails. By default, this option is disabled.

Secondary JIMS server

Enter a valid IPv4 address of the secondary JIMS server.

The secondary JIMS is available as a fall back option with limited resources. Use the secondary JIMS when the HTTP GET or number of queries to the primary JIMS fails.

Secondary JIMS certificate path

Enter the certificate path of the secondary JIMS server. The SRX Series Firewall uses this certificate to verify the JIMS server certificate for the SSL connection, used for the user query function.

Assign Devices—Add Devices

Device Name

Select the SRX Series Firewall from the list for JIMS to send the report on user identities.

Client ID

Enter the client ID that the SRX Series Firewall requires to obtain an access token for the JIMS user query function. The client ID must be consistent with the API client configured on JIMS.

Secret Key

Enter the client secret used with the client ID that the SRX Series Firewall requires to obtain an access token. The client secret must be consistent with the API client configured on JIMS.
Note:

If you delete the assigned device, the JIMS profile configuration is removed from the device. If you add any new device the JIMS profile configuration is assigned to the new device.
Connection Settings

Connection Type

Select the application protocol from the list to connect the SRX Series Firewall to JIMS for user query request. You identify the connection protocol along with the configuration that identifies JIMS. The user query function allows the SRX Series Firewall to request user authentication and identity information for an individual user from JIMS.

  • HTTP—Protocol that JIMS uses to connect to the SRX Series Firewall.

  • HTTPS—Secure version of the protocol that JIMS uses to connect to the SRX Series Firewall.

If you do not select the connection type, HTTPS is used by default.

Port

Select the connection port of the JIMS server, from the list. Default port number is 443. The range is 1 to 65535.

Token API

Enter the token API used to generate the URL to acquire an access token. The token API is combined with the connection method and the IP address of JIMS to produce the complete URL used to acquire an access token.

For example, if the token API is oauth, the connection method is HTTPS, and the IP address of JIMS is 192.0.2.199, the complete URL to acquire an access token would be https://192.0.2.199/api/oauth.

The default token API is oauth_token/oauth.

Query API

Enter the query API to specify the path of the URL that the SRX Series Firewall uses to query JIMS for an individual user. For the SRX Series Firewall to be able to make a request, you must have configured the query API to obtain an access token.

The SRX Series Firewall generates the complete URL for the user query request by combining the query API string with the connection method (HTTP/HTTPS) and the JIMS IP address.

The default token API is user_query/v2.

Advanced

Maximum items per batch

Enter the value for maximum number of reports to include in the JIMS response.

Range: 100 through 1000.

Query interval

Enter the time interval, in seconds, for SRX Series Firewalls to periodically query JIMS for the newly generated user identities.

Range: 1 through 60 seconds.

Query delay time

Enter the time in seconds for the SRX Series Firewall to delay before sending the individual IP queries to JIMS for authentication and identity information for individual users.

After the delay timeout expires, the SRX Series Firewall performs the following actions:

  • Sends the query to JIMS.
  • Creates a pending entry for the user in the Routing Engine authentication table.

Range: 1 through 60 seconds

Invalid timeout

 Enter the timeout interval (in minutes) after which, the idle entries in the JIMS authentication table expire. The timeout interval begins from when the user authentication entry is added to the authentication table. This value can be between 10 and 1440 minutes, where a value of 0 means no timeout.

IP query

Click the toggle button to disable the IP address query function that is enabled by default.

Filter for domain

The SRX Series Firewall sends a query to JIMS for the user identity information within the specified domains. Enter a comma-separated list of up to 25 domain names. A domain name can be an alphanumeric string of up to 64 characters that can also contain dashes, underscores, and dots.

Example: example.net