
Check Point QUANTUM SPARK 1600 - Managing Users and Objects; Working with User Awareness; Workflow; Identity Sources

Check Point QUANTUM SPARK 1600
332 pages
Quantum Spark 1500, 1600, and 1800 Appliances R81.10.X Locally Managed Administration Guide, page 265
Managing Users and Objects
This section describes how to set up and manage users (User Awareness, users, administrators, and
authentication servers) and network resources.
Working with User Awareness
On the User Awareness page you can turn the blade on or off and use the configuration wizard to configure
sources to get user identities for logging and configuration purposes.
User Awareness lets you configure the Quantum Spark Appliance to show user-based logs instead of
IP-address-based logs and to enforce access control for individual users and user groups.
Workflow
1. Turn on the User Awareness Software Blade.
2. Click the Configuration wizard to enable and configure the blade.
3. Select the identification methods to get information about users and user groups and configure the
identity sources.
4. After initial configuration, you can select the Active Directory Queries, Browser-Based
Authentication, or Identity Collector checkboxes in the Policy Configuration section and click
Configure for more advanced settings.
5. After the gateway acquires the identity of a user, you can enforce user-based rules on the network
traffic in the Access Policy.
Identity Sources
User Awareness can use these sources to identify users:
- AD Query (Active Directory Queries) - Seamlessly queries the Active Directory servers to get user
  information.
  The Quantum Spark Appliance registers to receive security event logs from the AD domain
  controllers when the security policy is installed. This requires administrator privileges for the AD
  server. When a user authenticates with AD credentials, these event logs are generated and are sent
  to the Security Gateway. The Quantum Spark Appliance can then identify the user based on the AD
  security event log.
- Browser-Based Authentication - Uses a portal either to authenticate locally defined users or as a
  backup to other identification methods.
  - Browser-Based Authentication uses a web interface to authenticate users before they can
    access network resources or the Internet. When users try to access a protected resource, they
    must log in to a web page to continue. This identifies locally defined users or users that were
    not successfully identified by other methods.
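
The AD Query mechanism described above, as an added example that is not code from the Check Point guide or product: one way to derive IP-to-user associations from domain controller security events. The guide does not say which events the appliance reads; the event IDs (4624, 4768), the 12-hour lifetime, the function names, and all sample events are assumptions constructed for illustration, and events are assumed to arrive in time order.

```python
from datetime import datetime, timedelta

# Assumption: Windows Security event IDs 4624 (logon) and 4768 (Kerberos TGT request).
LOGON_EVENT_IDS = {4624, 4768}
TTL = timedelta(hours=12)  # hypothetical association lifetime, not a product default

# Constructed sample events: (time, event id, account, source address).
SAMPLE_EVENTS = [
    ("2024-05-01T08:00:00", 4624, "alice", "10.0.0.5"),
    ("2024-05-01T08:00:02", 4624, "WS-05$", "10.0.0.5"),      # machine account
    ("2024-05-01T08:05:00", 4768, "bob", "::ffff:10.0.0.9"),  # IPv4-mapped IPv6
    ("2024-05-01T08:06:00", 4624, "svc_backup", "-"),         # no source address
    ("2024-05-01T09:00:00", 4624, "carol", "10.0.0.5"),       # later logon, same IP
    ("2024-05-01T09:30:00", 4634, "carol", "10.0.0.5"),       # logoff: not used here
]

def normalize_ip(raw):
    """Return a plain address string, or None when the event has no usable address."""
    if raw in ("", "-", "::1", "127.0.0.1"):
        return None
    return raw[7:] if raw.startswith("::ffff:") else raw

def build_identity_map(events):
    """Map source IP -> (user, time learned); the most recent user logon wins."""
    table = {}
    for ts, event_id, account, raw_ip in events:
        ip = normalize_ip(raw_ip)
        if event_id not in LOGON_EVENT_IDS or ip is None:
            continue
        if account.endswith("$"):  # computer accounts do not identify a person
            continue
        table[ip] = (account, datetime.fromisoformat(ts))
    return table

def lookup(table, ip, now):
    """Return the user for an IP, or None if unknown or the association has expired."""
    entry = table.get(ip)
    if entry is None or now - entry[1] > TTL:
        return None
    return entry[0]

if __name__ == "__main__":
    ids = build_identity_map(SAMPLE_EVENTS)
    print(lookup(ids, "10.0.0.5", datetime(2024, 5, 1, 10, 0)))
```

In this example an address shared by several users carries only the most recent logon, and an address with no association returns no identity, which is the case where a second identification method is needed.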
