HP PCM+ 4.0 Identity Driven Manager User’s Guide
1-4 Welcome to Identity Driven Manager, Introduction: Figure 1-1. IDM Architecture. IDM consists of an IDM Agent that is co-resident on the RADIUS server,
3-36 Using Identity Driven Manager, Configuring Access Profiles: Figure 3-27. Network Resource Assignment Wizard, Denied Network Resources. 9. To deny access
3-37 Using Identity Driven Manager, Configuring Access Profiles: Figure 3-28. Network Resource Assignment Wizard, Priority Assignment. 10. Set the priority (
3-38 Using Identity Driven Manager, Configuring Access Profiles: Figure 3-29. Network Resource Assignment Wizard, Default Access. 12. Select the option to te
3-39 Using Identity Driven Manager, Configuring Access Profiles: 14. Select the check box to enable one or more Accounting functions (optional). This enabl
3-40 Using Identity Driven Manager, Configuring Access Profiles: 3. Modify the access profile parameters, as described for creating a new profile. Click Ed
3-41 Using Identity Driven Manager, Defining Access Policy Groups: An Access Policy Group (APG) contains rules that define the
3-42 Using Identity Driven Manager, Defining Access Policy Groups: To begin, expand the Domains node to display the Access Policy Group node in the IDM tre
3-43 Using Identity Driven Manager, Defining Access Policy Groups: Figure 3-33. New Access Policy Group. 3. Type a Name and Description for the Access Policy
3-44 Using Identity Driven Manager, Defining Access Policy Groups: Parameters for Access Rules are described in the following table. 6. Repeat the above pr
3-45 Using Identity Driven Manager, Defining Access Policy Groups: 8. Click OK to save the Access Policy Group and close the window. IDM will verify that th
1-5 Welcome to Identity Driven Manager, Introduction: The IDM Server provides IDM configuration and monitoring. It operates as an add-on module to PCM+, us
3-46 Using Identity Driven Manager, Defining Access Policy Groups: Figure 3-35. Access Rule with Endpoint Integrity options. Select the Endpoint Integrity op
3-47 Using Identity Driven Manager, Defining Access Policy Groups: 1. Select the Access Policy Group node from the IDM tree to display the Access Policy Gr
3-48 Using Identity Driven Manager, Configuring User Access: The process of configuring User access to network resources using IDM i
3-49 Using Identity Driven Manager, Configuring User Access: Adding Users to an Access Policy Group. To assign a user to an access policy group: 1. Expand the
3-50 Using Identity Driven Manager, Configuring User Access: Changing Access Policy Group Assignments. To re-assign users to a different APG: 1. Select the ac
3-51 Using Identity Driven Manager, Configuring User Access: Figure 3-37. Global Rules tab. The Global Rules tab provides the following data about defined gl
3-52 Using Identity Driven Manager, Configuring User Access: 2. Click the Create a New Global Rule button to display the New Global Rule window. Figure 3-38
3-53 Using Identity Driven Manager, Configuring User Access: d. Select the WLAN where the global rule will be used, or ANY. Note that this option only appea
3-54 Using Identity Driven Manager, Configuring Auto-Allow OUIs: In addition to traditional authentication methods, such as 802.
3-55 Using Identity Driven Manager, Configuring Auto-Allow OUIs: Figure 3-39. Network Access with Auto-Allow OUI. In the picture above, the following steps t
1-6 Welcome to Identity Driven Manager, Terminology: Access Policy Group: An IDM access policy group consists of one or more rules that govern th
3-56 Using Identity Driven Manager, Configuring Auto-Allow OUIs: 5. If a match is found, the device is assigned to the Access Policy Group associated with
3-57 Using Identity Driven Manager, Configuring Auto-Allow OUIs: To view all Auto-Allow OUIs in an Access Policy Group: 1. From the IDM navigation tree, sel
3-58 Using Identity Driven Manager, Configuring Auto-Allow OUIs: Monitoring OUI Events and User Session Information. When an incoming user name (MAC address)
3-59 Using Identity Driven Manager, Configuring Auto-Allow OUIs: Figure 3-42. Add Auto-Allow OUI. 3. Select a pre-loaded well-known OUI or type in your own M
3-60 Using Identity Driven Manager, Configuring Auto-Allow OUIs: c. Optionally, in the Description field, type a brief description identifying the type of
3-61 Using Identity Driven Manager, Configuring Auto-Allow OUIs: OR Type the common characters in the prefix (1-12 hexadecimal characters) in the aa:aa:aa:a
3-62 Using Identity Driven Manager, Configuring Auto-Allow OUIs: Editing your own CUSTOMOUIs file (example): OUIS { xyzPhoneVendor { aa-bb-c1=
3-63 Using Identity Driven Manager, Configuring Auto-Allow OUIs: Moving an OUI to Another Access Policy Group. 1. Navigate to the Auto-Allow OUIs tab for the
3-64 Using Identity Driven Manager, Configuring Auto-Allow OUIs: Auto-Allow OUIs for 802.1x and Web Authentications. The order in which the access control is
3-65 Using Identity Driven Manager, Configuring Auto-Allow OUIs
1-7 Welcome to Identity Driven Manager, Terminology: Endpoint Integrity: Also referred to as “Host Integrity,” this refers to the use of applications that c
3-66 Using Identity Driven Manager, Deploying Configurations to the Agent: An option in the IDM Preferences allows you
3-67 Using Identity Driven Manager, Using Manual Configuration: It is simplest to let the IDM Agent run and collect information a
3-68 Using Identity Driven Manager, Using Manual Configuration: 3. Click OK to save the Domain information and close the window. The new Domain appears in
3-69 Using Identity Driven Manager, Adding RADIUS Clients: You can add and update RADIUS clients (PCM switches and manually added clie
3-70 Using Identity Driven Manager, Adding RADIUS Clients: 4. Select the PCM switches to be configured as RADIUS clients on the selected RADIUS servers. Fig
3-71 Using Identity Driven Manager, Adding RADIUS Clients: c. Click Next. As an example, suppose two RADIUS servers (S1, S2) and two RADIUS clients (C1, C2)
3-72 Using Identity Driven Manager, Adding RADIUS Clients: Figure 3-48. Add RADIUS Client Wizard, RADIUS Parameters. To configure RADIUS parameters for a sin
3-73 Using Identity Driven Manager, Adding RADIUS Clients: a. In the RADIUS clients list on the left, select All RADIUS clients to configure all listed cli
3-74 Using Identity Driven Manager, Adding RADIUS Clients: Figure 3-49. Add RADIUS Client Wizard, Application of Settings. 9. The final window of the Add RA
3-75 Using Identity Driven Manager, Adding RADIUS Clients: Deleting RADIUS Servers. To delete an existing RADIUS Server: Note: Before you can completely delet
1-8 Welcome to Identity Driven Manager, IDM Specifications: Supported Devices. For a list of IDM 4.0 features supported on HP Networking de
3-76 Using Identity Driven Manager, Adding RADIUS Clients: Adding New Users. You can let the IDM Agent automatically learn about the users from the Active Di
3-77 Using Identity Driven Manager, Adding RADIUS Clients: 3. To restrict the user from logging in from a system that has not been defined in IDM, click th
3-78 Using Identity Driven Manager, Adding RADIUS Clients: Bulk import of allowed systems for IDM users. If the multiple MAC addresses are to be added to the
3-79 Using Identity Driven Manager, Adding RADIUS Clients: ALLOWED_SYSTEMS_FILENAME specifies complete path of the Comma Separated Value (CSV) file. The va
3-80 Using Identity Driven Manager, Adding RADIUS Clients: Note: Changes in Access Policy Group settings are not applied to the user until you Deploy the n
3-81 Using Identity Driven Manager, Using the User Import Wizard: The IDM User Import Wizard lets you add users to IDM from ano
3-82 Using Identity Driven Manager, Using the User Import Wizard: directory. If you are using any other LDAP directory source (for example Novell eDirector
3-83 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-53. IDM User Import Wizard. 3. Click Next to continue to the Data Source selection
3-84 Using Identity Driven Manager, Using the User Import Wizard: 4. Click the radio button to select the Active Directory data source. 5. Click Next to con
3-85 Using Identity Driven Manager, Using the User Import Wizard: 6. Select the scope of Active Directory groups from which you want to import user data. 7
1-9 Welcome to Identity Driven Manager, Upgrading from Previous Versions of PCM and IDM: The installation pa
3-86 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-57. IDM User Import Wizard, Add Users. 11. Check the Select check box(es) to choos
3-87 Using Identity Driven Manager, Using the User Import Wizard: 13. Click Next to continue to the Users and Groups Commitment window. Figure 3-58. IDM Use
3-88 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-59. IDM User Import Wizard, LDAP Authentication. a. To use the SSL authentication
3-89 Using Identity Driven Manager, Using the User Import Wizard: b. Select the LDAP Authentication type to be used with the imported user data: c. Click Ne
3-90 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-60. IDM User Import Wizard, Simple Authentication. To set up Simple authentication
3-91 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-61. IDM User Import Wizard, SASL Digest MD5 Authentication. To set up Digest MD5 a
3-92 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-62. IDM User Import Wizard, SASL Kerberos V5 Authentication. To set up Kerberos V5
3-93 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-63. IDM User Import Wizard, SASL External Authentication. To set up External authe
3-94 Using Identity Driven Manager, Using the User Import Wizard: For example, if the X509 User Certificate is "myldapcert.cer" and the alias i
3-95 Using Identity Driven Manager, Using the User Import Wizard: The remainder of the process for importing users from LDAP Servers is the same as describ
1-10 Welcome to Identity Driven Manager, Learning to Use PCM+ IDM: The following information is available for learning to use PCM+
3-96 Using Identity Driven Manager, Using the User Import Wizard: KERBEROS_JAAS_CONFIG_FILE=config/idm_kerberos_jaas.conf // configuration file for JAAS K
3-97 Using Identity Driven Manager, Using the User Import Wizard: When using Novell eDirectory: //Configuration for LDAP directory. Following values are for
3-98 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-65. IDM User Import Wizard, XML Data Source. To identify the XML file: 1. In the F
3-99 Using Identity Driven Manager, Using the User Import Wizard: <Group name="group name" description="group description"> <Member name="u
3-100 Using Identity Driven Manager, Using the User Import Wizard: Any line that begins with # character is considered a comment. Auth ID must be a val
3-101 Using Identity Driven Manager, Using the User Import Wizard: "user44","444444444444","44dev","facultyGroup",
3-102 Using Identity Driven Manager, Using the User Import Wizard: a. From the global toolbar, select Tools > Preferences. b. From the Preferences navigat
3-103 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-68. IDM User Import Wizard
3-104 Using Identity Driven Manager, Using the User Import Wizard: 3. Click Next to continue to the Data Source selection window. Figure 3-69. Data Source. 4
3-105 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-70. CSV Data Source. 6. Click Next to the Extracting User and Group Information w
2-1 2 Getting Started, Before You Begin: If you have not already done so, please review the list of supported devices and operating requirements under “IDM
3-106 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-71. Extracting User and Group Information. 7. The IDM Import Wizard now shows all
3-107 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-72. Add Users
3-108 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-73. Remove Users. 8. Without changing any settings in the Remove User’s window th
3-109 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-74. Users and Groups Commitment. 9. Click Go. The devices imported to the IDM DB c
3-110 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-75. Imported Device to IDM DB
3-111 Using Identity Driven Manager, Using the User Import Wizard: 10. Import Complete window appears. Click Finish. Figure 3-76. Import Complete. 11. In the
3-112 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-77. Devices Added to User Tab View. 12. Enable the Active Directory synchronizati
3-113 Using Identity Driven Manager, Using the User Import Wizard: Figure 3-79. CSV File Content Error
3-114 Using Identity Driven Manager, Using the User Import Wizard
4-1 4 Using the Secure Access Wizard, Overview: The Secure Access Wizard (SAW) feature in IDM is designed to simplify the initial setup of IDM by reducing t
2-2 Getting Started, Before You Begin: 2. From the available downloads list, click Windows PCM/IDM Agent Installer and then click Save to download the file
4-2 Using the Secure Access Wizard, Overview: Supported Devices. The Secure Access Wizard feature is on PCM devices that support use of 802.1X, Web-Auth, and
4-3 Using the Secure Access Wizard, Using Secure Access Wizard: Note: The following section provides instructions on using the S
4-4 Using the Secure Access Wizard, Using Secure Access Wizard: Note: If you do not have a licensed copy of the PCM Mobility Manager software and there are
4-5 Using the Secure Access Wizard, Using Secure Access Wizard: 4. Click Next to continue to the next window. 5. If you selected one or more AP530 wireless
4-6 Using the Secure Access Wizard, Using Secure Access Wizard: Use the Device Capabilities link to determine if you can upgrade the device software to a v
4-7 Using the Secure Access Wizard, Using Secure Access Wizard: Figure 4-4. Secure Access Wizard, Authentication Method Selection example. 14. Click the chec
4-8 Using the Secure Access Wizard, Using Secure Access Wizard: Figure 4-5. Secure Access Wizard, Port Selection example. 16. To select ports from a list, cl
4-9 Using the Secure Access Wizard, Using Secure Access Wizard: Figure 4-6. Secure Access Wizard, Select Ports. When the desired ports are selected, click OK
4-10 Using the Secure Access Wizard, Using Secure Access Wizard: • If you selected a wireless device, the WLAN selection window displays, as described in s
4-11 Using the Secure Access Wizard, Using Secure Access Wizard: 22. The 802.1X Configuration window lets you select the authentication method to be applie
2-3 Getting Started, Before You Begin: Figure 2-2. Server Information. For the Agent to communicate with the PCM server, these values MUST MATCH the values s
4-12 Using the Secure Access Wizard, Using Secure Access Wizard: b. In the Client Limit field, select or type the maximum number of clients to allow on one
4-13 Using the Secure Access Wizard, Using Secure Access Wizard: If a device does not support the selected setting, the value you set will appear in the SA
4-14 Using the Secure Access Wizard, Using Secure Access Wizard: 23. The Web-Auth Configuration window lets you select the RADIUS authentication method se
4-15 Using the Secure Access Wizard, Using Secure Access Wizard: Figure 4-11. Secure Access Wizard, Advanced Wired Web-Auth. Advanced Web-Auth settings for
4-16 Using the Secure Access Wizard, Using Secure Access Wizard: If a device does not support the selected setting, the value you set will appear in the SA
4-17 Using the Secure Access Wizard, Using Secure Access Wizard: Figure 4-12. Secure Access Wizard, MAC-Auth Configuration display. a. Select the MAC address
4-18 Using the Secure Access Wizard, Using Secure Access Wizard: Figure 4-13. Secure Access Wizard, Advanced (wired) Mac-Auth settings. c. Click the check b
4-19 Using the Secure Access Wizard, Using Secure Access Wizard: If a device does not support the selected setting, the value you set will appear in the SA
4-20 Using the Secure Access Wizard, Using Secure Access Wizard: a. Select the check box for a RADIUS server to enable the server IP address field, and the
4-21 Using the Secure Access Wizard, Using Secure Access Wizard: Enter the RADIUS shared secret to be used for access authentication. Re-enter the shared s
Hewlett-Packard Company 8000 Foothills Boulevard, m/s 5551 Roseville, California 95747-5551 http://www.procurve.com © Copyright 2004, 2005, 2007, 2009,
2-4 Getting Started, Before You Begin: e. To change the default Password that the Agent will use to communicate with the PCM server, clear the related Use
4-22 Using the Secure Access Wizard, Using Secure Access Wizard: 34. Click the link to Save settings or Save as template, and launch the Save Settings dial
4-23 Using the Secure Access Wizard, Using Secure Access Wizard: Figure 4-18. Secure Access Wizard, Configuration Preview display. 39. Review the access secu
4-24 Using the Secure Access Wizard, Using Secure Access Wizard: Figure 4-19. Secure Access Wizard, Applying Settings status. This window displays the progre
5-1 5 Troubleshooting IDM, IDM Events: The IDM Events window is used to view and manage IDM events generated by the IDM application or the IDM Agent instal
5-2 Troubleshooting IDM, IDM Events: The IDM Events tab works similarly to the PCM Events tab. It lists the IDM events currently contained in the database.
5-3 Troubleshooting IDM, IDM Events: Select an event in the Events listing to display the Event Details at the bottom of the window. Figure 5-2. IDM Event
5-4 Troubleshooting IDM, IDM Events: Using Event Filters. The events shown in the Events tab view can be filtered to show only specific events based on the d
5-5 Troubleshooting IDM, IDM Events: b. Unselect any filters that you want to remove. c. Click Apply. 4. To clear all selections that are currently set in t
5-6 Troubleshooting IDM, IDM Events: Figure 5-4. IDM Event Archive. The Archived Events window provides the following information for each event: You can sele
5-7 Troubleshooting IDM, IDM Events: To further filter archived events, in the Filter field type the text of the filter you want to use. The display will l
2-5 Getting Started, Before You Begin: RADIUS Server, then let it run to collect the information as users log into the network. Even after you begin creati
5-8 Troubleshooting IDM, IDM Events: Figure 5-5. Preferences, IDM Events. 2. Use the fields in the Retain Messages section to set the percentage of IDM even
5-9 Troubleshooting IDM, IDM Events: 4. In the Archive events older than field, select the number of days to wait before archiving IDM events. 5. Use the Li
5-10 Troubleshooting IDM, IDM Events: Figure 5-6. RADIUS Server Activity Log. The Activity Log provides information similar to IDM Events, except that the en
5-11 Troubleshooting IDM, Using Decision Manager Tracing: IDM provides a tracing tool (DMConfig.prp) and log file (DM-IDMDM.l
5-12 Troubleshooting IDM, Using Decision Manager Tracing: Configuration deployments to the IDM Agent, along with the actual configuration image.
5-13 Troubleshooting IDM, Quick Tips: Placing IDM Server into the AD Domain. If you installed a PCM/IDM server on a system that was not a member o
5-14 Troubleshooting IDM, Quick Tips: Note: After this configuration, the snac-jboss-server.log will no longer be present in the server/log directory. Howe
A-1 A IDM Technical Reference, Device Support for IDM Features: Due to variations in hardware and software configuration of various HP Networking devices, n
A-2 IDM Technical Reference, Device Support for IDM Features: Table A-1. Feature/Device Support for IDM 4.0. Switch/Wireless Device | Min SW Req’d | ACLs | VLANs | Qo
A-3 IDM Technical Reference, Device Support for IDM Features: WESM 1.0 XX XXXX. WESM 2.0 XXXXXXX. a - F.05.14; b - F.04.08; c - H.07.54; d - H.08.53; e - H.07.
2-6 Getting Started, Before You Begin: 7. If Active Directory synchronization is not used, assign Users to the appropriate Access Policy Group. (See page 3
A-4 IDM Technical Reference, Best Practices: Authentication Methods. The IDM application is designed to support RADIUS server implementation wi
A-5 IDM Technical Reference, Best Practices: Allowing vs. Rejecting Access. When evaluating the rules for the Access Policy Group when a user logs in, IDM is
A-6 IDM Technical Reference, Best Practices: The other important piece in this process is the order of the rules. In the second example, if you change the
A-7 IDM Technical Reference, Types of User Events: The USER_FAILED_LOGIN event happens whenever RADIUS sends IDM a message of an unsucc
A-8 IDM Technical Reference, Types of User Events
Index–1 Index. Numerics: 802.1X configuration, SAW 4-11. A: Access Attributes 3-32; Access attributes 3-33; Access Information 2-34; Access Policy, order 3-4
Index–2 Index. IDM model 3-1; IDM Server, placing into the AD Domain 5-13; Import, from Active Directory 3-81, 3-101; Import procedure 3-80; Importing Us
Index–3 Index. U: Unauthorized users A-4; Unknown users A-4; User, add to IDM 3-76, edit IDM 3-79; User Access 3-48; User Import, LDAP Server 3-87; User Import
Index–4 Index
2-7 Getting Started, Before You Begin: The basic operational model of IDM involves Users and Groups. Every User belongs to a Group and, in IDM, these are c
ProCurve 5400zl Switches Installation and Getting Started Guide. Technology for better business outcomes. To learn more, visit www.hp.com/netwo
2-8 Getting Started, IDM GUI Overview: To use the IDM client, launch the PCM Client on your PC by selecting the PCM option from the Windows
2-9 Getting Started, IDM GUI Overview: Figure 2-4. IDM Dashboard. The IDM initial display provides a quick view of IDM status in the Dashboard tab, along wit
2-10 Getting Started, IDM GUI Overview: IDM Dashboard. The IDM Dashboard is a monitoring tool that provides a quick summary view of IDM users, RADIUS servers
2-11 Getting Started, IDM GUI Overview: Figure 2-5. Domain List tab. Domain Tabs. Expanding the Domains node and clicking a domain in the tree displays the Das
2-12 Getting Started, IDM GUI Overview: Domain Properties tab: Selecting an individual domain in the tree and then clicking the Properties tab displays sum
2-13 Getting Started, IDM GUI Overview: Domain Global Rules tab: Clicking this tab displays rules that override Access Policy Group rules and provides func
Contents-i Contents. 1 Welcome to Identity Driven Manager: Introduction
2-14 Getting Started, IDM GUI Overview: Figure 2-9. Domain Users tab. Expanding the Domain node in the tree will display the Access Policy Groups and RADIUS
2-15 Getting Started, IDM GUI Overview: Access Policy Groups node. Clicking the Access Policy Group node displays the Access Policy Groups tab with a list of
2-16 Getting Started, IDM GUI Overview: Click the individual group node in the navigation tree to display the group’s Dashboard, Properties, Auto-Allow OU
2-17 Getting Started, IDM GUI Overview: Toolbars and Menus. Because IDM is a module within PCM+, it uses the same main menu and global toolbar functions. Ind
2-18 Getting Started, Using IDM as a Monitoring Tool: Whether or not you configure and apply access and authorization paramet
2-19 Getting Started, Using IDM Reports: IDM provides reports designed to help you monitor and analyze usage patterns for network resource
2-20 Getting Started, Using IDM Reports: By default, all user history is reset and all session history is deleted by the predefined IDM Session Cleanup pol
2-21 Getting Started, Using IDM Reports: Session History Details: Detailed information about all login attempts, whether successful or failed. This report is
2-22 Getting Started, Creating Report Policies: You can also use the Policy Manager feature to schedule reports to be created at re
2-23 Getting Started, Creating Report Policies: Figure 2-15. Policy Manager, Actions. The Manage Actions window displays the list of defined Actions. 3. Click
Contents-ii Contents. Show Mitigations 2-38; IDM Preferences
2-24 Getting Started, Creating Report Policies: 4. Select the Report Manager:Generate Report Action type from the menu. Figure 2-17. Policy Manager, Select
2-25 Getting Started, Creating Report Policies: At this point the other tabs displayed are: Type: Lets you select the Report type you want to generate. As s
2-26 Getting Started, Creating Report Policies: Figure 2-20. Report Manager Action: Report format selection. 10. Select how you want to generate the report f
2-27 Getting Started, Creating Report Policies: Figure 2-21. Report Manager Action: Report Delivery method. Email is the default method. It will email the re
2-28 Getting Started, Creating Report Policies: e. In the Password field, type the password used to access the FTP site. f. Select the Filename conventions
2-29 Getting Started, Creating Report Policies: 1. Click the Policy Manager button in the toolbar. OR Select Tools > Policy Manager to launch the Policy C
2-30 Getting Started, Creating Report Policies: 4. Click the Schedule tab to review and edit the schedule parameters. Figure 2-25. IDM Session Cleanup Sched
2-31 Getting Started, Creating Report Policies: 7. Use the radio buttons to select No end date, End by, or Maximum occurrences to identify when the schedul
2-32 Getting Started, Monitoring User Session Information: You can use IDM to just monitor the network, and receive deta
2-33 Getting Started, Monitoring User Session Information: 3. Click the User Properties tab to view the following information: 4. Click the Session Info tab
Contents-iii Contents. Adding Users to an Access Policy Group 3-49; Changing Access Policy Group Assignm
2-34 Getting Started, Monitoring User Session Information: 5. Click the Location Info tab to view the following information: a. Click the Disable Ethernet o
2-35 Getting Started, Monitoring User Session Information: Find User Session. The Find User Session feature lets you search and display information about a us
2-36 Getting Started, Monitoring User Session Information: Figure 2-27. Find User Session. 2. In the Auth ID field, type the complete Auth ID that you want
2-37 Getting Started, Monitoring User Session Information: Figure 2-28. Report Wizard, Report Filter. 3. To report on a specific time range, clear the All Da
2-38 Getting Started, Monitoring User Session Information: Figure 2-29. Report Wizard, Columns to Include. 4. Select the check boxes to select the data colum
2-39 Getting Started, Monitoring User Session Information: To show or delete mitigations: 1. In the IDM Users tab, right-click a mitigated user and choose S
2-40 Getting Started, Monitoring User Session Information: Click the option check boxes to select (check) or deselect (clear) the following options. 1. Sel
2-41 Getting Started, Monitoring User Session Information: 7. To reset all session accounting information whenever the server is restarted, select the Rese
2-42 Getting Started, Monitoring User Session Information: Using Active Directory Synchronization. The Active Directory Synchronization (AD Sync) feature pro
2-43 Getting Started, Monitoring User Session Information: Figure 2-31. Identity Management Preferences: User Directory Settings. 2. In the left pane of the
Contents-iv Contents. Placing IDM Server into the AD Domain 5-13; A IDM Technical Reference: Device Suppor
2-44 Getting Started, Monitoring User Session Information: Figure 2-32. Add/Review AD Groups to Synchronize. The Active Directory is queried for all groups i
2-45 Getting Started, Monitoring User Session Information: synchronizes on Group A or Group B, User 1 is imported into the group with the higher priority.
2-46 Getting Started, Monitoring User Session Information: 12. An Importing Users dialog box will display the number of users being imported and a progress
2-47 Getting Started, Monitoring User Session Information: Within a Domain, Access Policy Group names must be unique. If Access Policy Groups are being c
2-48 Getting Started, Monitoring User Session Information
3 Using Identity Driven Manager, Understanding the IDM Configuration Model: As described in the IDM model on page 2-6, everything relates to the top level
3-2 Using Identity Driven Manager, Understanding the IDM Configuration Model: Configuration Process Review. Assuming that you opted to enable Active Director
3-3 Using Identity Driven Manager, Understanding the IDM Configuration Model: 10. For the devices that will perform MAC authentication, you can configure A
3-4 Using Identity Driven Manager, Configuring Locations: Locations in IDM identify the switch and/or ports on the switch and wireless
3-5 Using Identity Driven Manager, Configuring Locations: Adding a New Location. To create a new location: 1. Click the New Location button in the Locations t
1 Welcome to Identity Driven Manager, Introduction: Network usage has skyrocketed with the expansion of the Internet, wireless, and convergence technologie
3-6 Using Identity Driven Manager, Configuring Locations: Figure 3-4. New Device window. 5. Use the Select Device Group list to select the Agent and device m
3-7 Using Identity Driven Manager, Configuring Locations: 7. Use the Port Selection section to define the ports on the device that will be associated with
3-8 Using Identity Driven Manager, Configuring Locations: Figure 3-5. Create a New Location, Wireless Devices. 2. Click Add Device to display the Wireless De
3-9 Using Identity Driven Manager, Configuring Locations: 3. Click the check box(es) to select the radio ports to be included in the location, and then cli
3-10 Using Identity Driven Manager, Configuring Locations: Deleting a Location. To remove an existing Location: 1. Select the Locations node from the Identity
3-11 Using Identity Driven Manager, Configuring Times: Times are used to define the hours and days when a user can connect to the network.
3-12 Using Identity Driven Manager, Configuring Times: Figure 3-8. Times Properties. Creating a New Time. To create a new Time: 1. In the Times Pane, click the
3-13 Using Identity Driven Manager, Configuring Times: Figure 3-9. Create a New Time. 2. Define the properties for the new time. 3. Click OK to save the new
3-14 Using Identity Driven Manager, Configuring Times: Modifying a Time. To modify a Time: 1. In the Times pane, select a Time from the navigation tree to dis
3-15 Using Identity Driven Manager, Device Finger Printing: 2. Click Add to launch the Add Holiday window. Figure 3-11. Add Holiday. 3. The Date field default
1-2 Welcome to Identity Driven Manager, Introduction: 5. If the user is authenticated, the PCM device grants the user access to the network. If the user is
3-16 Using Identity Driven Manager, Device Finger Printing: Figure 3-12. Device Finger Printing. User Agent To Device Types Mapping. The administrator can see
3-17 Using Identity Driven Manager, Device Finger Printing: • Device Type. Figure 3-13. User Agent to Device Types. Note: Users tab view reflects the device ty
3-18 Using Identity Driven Manager, Device Finger Printing: Figure 3-14. New User Agent to Device Type Mapping. Bulk Import of User Agent Pattern Mappings. To
3-19 Using Identity Driven Manager, Device Finger Printing: 2. A dialog box appears to confirm before deleting the entry. If the device type being deleted
3-20 Using Identity Driven Manager, Device Finger Printing: Under Device Type Groups node, each node represents one Device Type Group object. A Device Type
3-21 Using Identity Driven Manager, Device Finger Printing: To edit the selected Device type group object, click any entry in Device Type Group Name. Figure
3-22 Using Identity Driven Manager, Device Finger Printing: Figure 3-17. Create a new Device Type Group. 2. Click Add/Remove. A dialog box appears to select
3-23 Using Identity Driven Manager, Device Finger Printing: Figure 3-18. Select Device Types. 3. After selecting the device types, Click Ok. 4. The new group
3-24 Using Identity Driven Manager, Device Finger Printing: Figure 3-19. Edit/Delete Created Groups. Modify Device Type Group. To modify a new Device Type Gro
3-25 Using Identity Driven Manager, Configuring Network Resources: IDM has pre-configured Device Type Groups for each of all the catch all patterns. • All A
1-3 Welcome to Identity Driven Manager, Introduction: • An administrative GUI for configuration, events viewing and SSL certificate management • A SNAC-IDM
3-26 Using Identity Driven Manager, Configuring Network Resources: Figure 3-20. Network Resources. The Network Resources window lists the name and parameters
3-27 Using Identity Driven Manager, Configuring Network Resources: Figure 3-21. Network Resources - Details. Note: When you open the details window, it is in
3-28 Using Identity Driven Manager, Configuring Network Resources: Figure 3-22. Define Network Resource. 2. Define the properties for the network resource. T
3-29 Using Identity Driven Manager, Configuring Network Resources: * Valid port names supported in IDM include: ftp, syslog, ldap, http, imap4, imap3, nntp
3-30 Using Identity Driven Manager, Configuring Network Resources: 2. Click in the list to select the network resource to delete, then click the Delete N
3-31 Using Identity Driven Manager, Configuring Access Profiles: IDM uses an Access Profile to set the VLAN, QoS, Bandwidth (rat
3-32 Using Identity Driven Manager, Configuring Access Profiles: Select the Access Profile node from the navigation tree, or double-click a profile from th
3-33 Using Identity Driven Manager, Configuring Access Profiles: 2. Define the attributes for the Access Profile: Notes: If you are assigning any VLAN othe
3-34 Using Identity Driven Manager, Configuring Access Profiles: 3. If you want the IDM QoS attributes to override the switch attributes, use the QoS list
3-35 Using Identity Driven Manager, Configuring Access Profiles: Figure 3-26. Network Resource Assignment Wizard, Allowed Network Resources. 8. To permit acc