Hp Identity Driven Manager Software Series Manuel d'utilisateur

www.procurve.comUser’s GuideProCurve Identity Driven ManagerSoftware Release 2.3

1-4About ProCurve Identity Driven ManagerIntroductionWhen using IDM, the authentication process proceeds as described in the first three steps, but fr

3-36Using Identity Driven ManagerDefining Access Policy GroupsTo begin, expand the Realms node to display the Access Policy Group node in the IDM tree

3-37Using Identity Driven ManagerDefining Access Policy GroupsFigure 3-27. New Access Policy Group3. Type in a Name and Description for the Access Pol

3-38Using Identity Driven ManagerDefining Access Policy Groups 6. Repeat the process for each rule you want to apply to the APG.7. The Access rules ar

3-39Using Identity Driven ManagerDefining Access Policy GroupsIDM will verify that the rules in the APG are valid. If a rule includes a defined VLAN (

3-40Using Identity Driven ManagerDefining Access Policy GroupsFigure 3-29. Access Rule with Endpoint Integrity optionsSelect the Endpoint Integrity op

3-41Using Identity Driven ManagerDefining Access Policy GroupsModifying an Access Policy Group1. Click the Access Policy Group node in the IDM tree to

3-42Using Identity Driven ManagerConfiguring User AccessConfiguring User AccessThe process of configuring User access to network resources using IDM i

3-43Using Identity Driven ManagerConfiguring User AccessThe Users list identifies every defined user and contains the following infor-mation for each

3-44Using Identity Driven ManagerConfiguring User Access4. Click Ok to save the assignments and close the window.The new APG assignments are displayed

3-45Using Identity Driven ManagerConfiguring User AccessUsing Global RulesGlobal Rules can be used to provide an "exception process" to the

1-5About ProCurve Identity Driven ManagerIntroductionWhat’s New in IDM 2.3ProCurve Identity Driven Manager version 2.3 includes the following new feat

3-46Using Identity Driven ManagerConfiguring User Access Creating a Global Rule is similar to creating Access Rules for an Access Profile Group.To cre

3-47Using Identity Driven ManagerConfiguring User Access2. Set the Access Properties for the Global Rule. This is similar to the process used to defin

3-48Using Identity Driven ManagerConfiguring User Access4. Click Yes in the confirmation pop-up to complete the process.The rule is removed from the G

3-49Using Identity Driven ManagerDeploying Configurations to the AgentDeploying Configurations to the AgentAn option in the IDM Preferences allows you

3-50Using Identity Driven ManagerUsing Manual ConfigurationUsing Manual Configuration It is simplest to let the IDM Agent run and collect information

3-51Using Identity Driven ManagerUsing Manual Configuration3. Click Ok to save the Realm information and close the window. The new Realm appears in t

3-52Using Identity Driven ManagerUsing Manual ConfigurationDeleting RADIUS ServersTo delete an existing RADIUS Server:NOTE: Before you can completely

3-53Using Identity Driven ManagerUsing Manual ConfigurationAdding New UsersYou can let the IDM Agent automatically learn about the users from the Acti

3-54Using Identity Driven ManagerUsing Manual Configuration3. If you want to restrict the user’s access to specific systems, click the Systems tab to

3-55Using Identity Driven ManagerUsing Manual ConfigurationIf the user is allowed to login from more than one system, repeat the process for each syst

1-6About ProCurve Identity Driven ManagerIntroductionIDM ArchitectureIn IDM, when a user attempts to connect to the network through an edge switch, th

3-56Using Identity Driven ManagerUsing Manual ConfigurationDeleting a User1. Select the User in the User List 2. Click the Delete User icon in the too

3-57Using Identity Driven ManagerUsing the User Import WizardUsing the User Import WizardThe IDM User Import Wizard lets you add users to IDM from ano

3-58Using Identity Driven ManagerUsing the User Import WizardImporting Users from Active DirectoryImporting users from Active Directory with the IDM I

3-59Using Identity Driven ManagerUsing the User Import WizardFigure 3-41. IDM User Import Wizard, Data Source3. Click the radio button to select the A

3-60Using Identity Driven ManagerUsing the User Import Wizard5. Select the scope of Active Directory groups that you want to import user data from. 6.

3-61Using Identity Driven ManagerUsing the User Import WizardFigure 3-44. IDM User Import Wizard, Import Groups8. Click the Select checkbox to choose

3-62Using Identity Driven ManagerUsing the User Import WizardFigure 3-45. IDM User Import Wizard, Add Users10. Click the Select checkbox to choose the

3-63Using Identity Driven ManagerUsing the User Import WizardIf you have a large number of users that belong to multiple groups, click the checkbox to

3-64Using Identity Driven ManagerUsing the User Import WizardFigure 3-48. IDM User Import Wizard, Import Complete A summary of the IDM Import displays

3-65Using Identity Driven ManagerUsing the User Import WizardFigure 3-49. IDM User Import Wizard, LDAP Authenticationa. To use the SSL authentication

1-7About ProCurve Identity Driven ManagerIntroduction• A Decision Manager that receives the user data and checks it against user data in the local IDM

3-66Using Identity Driven ManagerUsing the User Import Wizardb. Select the LDAP Authentication type to be used with the imported user data:c. Click Ne

3-67Using Identity Driven ManagerUsing the User Import WizardFigure 3-50. IDM User Import Wizard, Simple AuthenticationTo set up Simple authentication

3-68Using Identity Driven ManagerUsing the User Import WizardFigure 3-51. IDM User Import Wizard, SASL Digest MD5 AuthenticationTo set up Digest MD5 a

3-69Using Identity Driven ManagerUsing the User Import WizardFigure 3-52. IDM User Import Wizard, SASL Kerberos V5 AuthenticationTo set up Kerberos V5

3-70Using Identity Driven ManagerUsing the User Import WizardFigure 3-53. IDM User Import Wizard, SASL External AuthenticationTo set up External authe

3-71Using Identity Driven ManagerUsing the User Import WizardIf you are using a JKS Keystore, the X509 User Certificate must be installed in a keystor

3-72Using Identity Driven ManagerUsing the User Import Wizard3. Optionally, in the Base DN field, type the Distinguished Name. IDM will search only fo

3-73Using Identity Driven ManagerUsing the User Import Wizard// Kerberos authentication module name. If this entry is changed, you must also change th

3-74Using Identity Driven ManagerUsing the User Import Wizard LDAP_DIRECTORY_CONFIG { // Configuration for LDAP directory. Following values are for A

3-75Using Identity Driven ManagerUsing the User Import WizardImporting Users from XML filesIf you select to import users from an XML File, the XML Dat

1-8About ProCurve Identity Driven ManagerTerminologyTerminologyAuthentication The process of proving the user’s identity. In networks this involves th

3-76Using Identity Driven ManagerUsing the User Import WizardXML User Import File ExampleXML files used to import user data to IDM should have the fol

4-14Using the Secure Access WizardChapter ContentsOverview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-2Using the Secure Access WizardOverviewOverviewThe Secure Access Wizard (SAW) feature in IDM is designed to simplify the initial setup of IDM by red

4-3Using the Secure Access WizardUsing Secure Access WizardUsing Secure Access WizardNOTE: The following section provides instructions on using the S

4-4Using the Secure Access WizardUsing Secure Access Wizard2. Click Next to continue to the Device Selection window.Note: If you do not have a license

4-5Using the Secure Access WizardUsing Secure Access Wizard4. Click Next to continue to the next window. 5. If you selected one or more AP530 wireless

4-6Using the Secure Access WizardUsing Secure Access Wizardthat support two authentication methods per port, the options are 801.X and Web-Auth or MAC

4-7Using the Secure Access WizardUsing Secure Access WizardFigure 4-5. Secure Access Wizard, Port Selection example9. To select ports from a list, cli

4-8Using the Secure Access WizardUsing Secure Access WizardWhen the desired ports are selected, click OK to validate and save your selections.10. To m

4-9Using the Secure Access WizardUsing Secure Access WizardFigure 4-7. Secure Access Wizard, WLAN Selection example13. Click the check box for each SS

1-9About ProCurve Identity Driven ManagerTerminologyRealm A Realm is similar to an Active Directory Domain, but it works across non-Windows (Linux, et

4-10Using the Secure Access WizardUsing Secure Access WizardFigure 4-8. Secure Access Wizard, 802.1X Configuration displayThe configuration options di

4-11Using the Secure Access WizardUsing Secure Access WizardFigure 4-9. Secure Access Wizard, Advanced Settings for Wired 802.1Xc. Click the check box

4-12Using the Secure Access WizardUsing Secure Access WizardRe-auth period - The re-authentication timeout (in seconds, default 0), set to 0 to disabl

4-13Using the Secure Access WizardUsing Secure Access Wizarda. Click the radio button to select the RADIUS authentication protocol. Only one method ca

4-14Using the Secure Access WizardUsing Secure Access WizardDHCP address and mask - The base address and mask for the temporary pool used by DHCP (bas

4-15Using the Secure Access WizardUsing Secure Access Wizarde. Click Next in the configuration window to continue to the Authentication Servers step.

4-16Using the Secure Access WizardUsing Secure Access WizardFigure 4-13. Secure Access Wizard, Advanced (wired) Mac-Auth settings c. Click the check b

4-17Using the Secure Access WizardUsing Secure Access WizardUnauth-vid - The VLAN to which the port is assigned when the user has not been authorized

4-18Using the Secure Access WizardUsing Secure Access WizardNote: If you had previously configured other RADIUS servers for authentication with the de

4-19Using the Secure Access WizardUsing Secure Access WizardIf not using the same shared secret on all the devices, enter the Radius shared secret for

1-10About ProCurve Identity Driven ManagerIDM SpecificationsIDM SpecificationsSupported DevicesProCurve Identity Driven Manager (IDM) supports authori

4-20Using the Secure Access WizardUsing Secure Access WizardFigure 4-17. Secure Access Wizard, Save Settings dialog23. Type in a Name to apply to the

4-21Using the Secure Access WizardUsing Secure Access WizardFigure 4-18. Secure Access Wizard, Configuration Preview display27. Review the access secu

4-22Using the Secure Access WizardUsing Secure Access WizardFigure 4-19. Secure Access Wizard, Applying Settings statusThis window displays the progre

5-15Troubleshooting IDMChapter ContentsIDM Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5-2Troubleshooting IDMIDM EventsIDM Events The IDM Events window is used to view and manage IDM events generated by the IDM application or the IDM Age

5-3Troubleshooting IDMIDM EventsSortable columns of information are available for each event:You can sort the Events listing by Source, Severity, Stat

5-4Troubleshooting IDMIDM EventsThe details provide additional event description information. The details will vary based on the type of event. Use th

5-5Troubleshooting IDMIDM EventsFigure 5-3. Events Filter display To filter by Source, type in the Source type or name that you want to include. Even

5-6Troubleshooting IDMIDM EventsViewing the Events ArchiveThe Archived Events window lists details for each event in the Archive Log, which contains e

5-7Troubleshooting IDMIDM EventsThe Archived Events window provides the following information for each event:You can select the date range for display

1-11About ProCurve Identity Driven ManagerIDM Specifications Supported Operating Systems for PCM+ and IDM Remote Client:• MS Windows XP Pro (Service

5-8Troubleshooting IDMIDM EventsSetting IDM Event PreferencesUse the IDM Event Preferences to set up archiving and automatic deletion of events from t

5-9Troubleshooting IDMIDM Events5. Use the Severity Percentages to set the events types you want to maintain in the database. These percentages are ba

5-10Troubleshooting IDMIDM EventsUsing Activity LogsIDM also provides an Activity Log you can use to monitor events for specific RADIUS servers. To vi

5-11Troubleshooting IDMUsing Decision Manager TracingUsing Decision Manager TracingIDM provides a tracing tool (DMConfig.prp) and log file (DM-IDMDM.l

5-12Troubleshooting IDMUsing Decision Manager TracingMiscellaneousFor authenticating a MAC-Auth user using Funk Steel Belted RADIUS (SBR) with IDM, th

A-1AUsing ProCurve Network Access Controller with IDM About ProCurve Network Access Controller 800The ProCurve Network Access Controller 800 (ProCurve

A-2Using ProCurve Network Access Controller with IDMAbout ProCurve Network Access Controller 800Before You BeginFor information on installing the ProC

A-3Using ProCurve Network Access Controller with IDMUsing the NAC Tab DisplaysUsing the NAC Tab DisplaysOnce the ProCurve NAC appliance is installed o

A-4Using ProCurve Network Access Controller with IDMUsing the NAC Tab DisplaysSetting the ProCurve NAC GUI LoginIn addition to the "NAC" tab

A-5Using ProCurve Network Access Controller with IDMUsing the NAC Tab DisplaysUsing the NAC Home TabThe NAC Home tab launches the ProCurve NAC GUI wit

1-12About ProCurve Identity Driven ManagerRegistering Your IDM SoftwareIf you have not purchased an IDM 2.0 or newer license, your installation will i

A-6Using ProCurve Network Access Controller with IDMUsing the NAC Tab DisplaysUsing the NAC Monitor TabIn addition to the NAC Home tab, integration of

A-7Using ProCurve Network Access Controller with IDMUsing the NAC Tab DisplaysFor additional details, refer to the online help, or the section describ

A-8Using ProCurve Network Access Controller with IDMUsing Local Authentication Directory on ProCurve NACThis window also provides access to Maintenanc

A-9Using ProCurve Network Access Controller with IDMUsing Local Authentication Directory on ProCurve NAC2. Click the check box to Enable Local Authent

A-10Using ProCurve Network Access Controller with IDMUsing Local Authentication Directory on ProCurve NACFigure A-7. User Properties, with Local Authe

B-1BIDM Technical ReferenceDevice Support for IDM FunctionalityDue to variations in hardware and software configuration of various ProCurve Devices, n

B-2IDM Technical ReferenceDevice Support for IDM FunctionalitySupport for Secure Access Wizard FeatureProCurve Device ACL's VLAN QoS BW MAC Web

B-3IDM Technical ReferenceBest PracticesBest PracticesAuthentication MethodsThe IDM application is designed to support RADIUS server implementation wi

B-4IDM Technical ReferenceBest PracticesHandling Unknown or Unauthorized usersIf a user is authenticated in RADIUS, but is unknown to IDM, IDM will no

B-5IDM Technical ReferenceBest Practices In this instance, if the user attempts to login in during the times specified for the Weekends, they will be

1-13About ProCurve Identity Driven ManagerRegistering Your IDM SoftwareFigure 1-6. ProCurve License Administration dialogueYou can also get to this sc

B-6IDM Technical ReferenceTypes of User EventsTypes of User EventsThe USER_FAILED_LOGIN event happens whenever RADIUS sends IDM a message of an unsucc

Index–1IndexNumerics802.1X configuration, SAW 4-9AAccess Attributes 3-26Access attributes 3-27Access Information 2-32Access Policyorder 3-38

Index–2Global Rules 3-45, 3-47HHolidays 3-17IIDM Agenttracing 5-11IDM authorization policy 3-49IDM model 3-3IDM Statistics 2-18Importfro

Index–3Rules, evaluation 3-38SSASL Digest MD5 authentication 3-67Save Settings, SAW 4-19Save Template, SAW 4-19SAW 4-2Secure Access Wizard

© Copyright 2008 Hewlett-Packard Development Company, L.P.May 2008Manual Part Number5990-8851

Hewlett-Packard Company 8000 Foothills Boulevard, m/s 5551 Roseville, California 95747-5551 http://www.procurve.com© Copyright 2008 Hewlett-Packard De

1-14About ProCurve Identity Driven ManagerLearning to Use ProCurve IDM7. In the Registration window:a. select the product to register from the Product

1-15About ProCurve Identity Driven ManagerLearning to Use ProCurve IDMGetting ProCurve Documentation From the Web1. Go to the Procurve website at http

1-16About ProCurve Identity Driven ManagerLearning to Use ProCurve IDM

2-12Getting StartedChapter ContentsGetting StartedBefore You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-2Getting StartedBefore You BeginBefore You BeginIf you have not already done so, please review the list of supported devices and operating requireme

2-3Getting StartedBefore You BeginThe IDM Client is included with the PCM+ software. To install a remote PCM/IDM Client, download the PCM Client to a

2-4Getting StartedBefore You Begin5. Create the Access Profiles, to set the VLAN, QoS, rate-limits (bandwidth) attributes, and the network resources t

2-5Getting StartedBefore You BeginUnderstanding the IDM ModelThe first thing to understand, is that IDM works within the general concept of ‘domains’

2-6Getting StartedIDM GUI OverviewIDM GUI OverviewTo use the IDM client, launch the PCM Client on your PC. Select the ProCurve Manager option from the

2-7Getting StartedIDM GUI OverviewSelect the IDM Tree tab at the bottom left of the PCM window to display the IDM Home window.Figure 2-2. IDM Home Win

iiiContents1 About ProCurve Identity Driven ManagerIntroduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-8Getting StartedIDM GUI OverviewIDM DashboardThe IDM Dashboard tab (window) contains four separate panels, described below.Identity Management Statu

2-9Getting StartedIDM GUI OverviewUsing the Navigation TreeThe navigation tree in the left pane of the IDM window provides access to IDM features usin

2-10Getting StartedIDM GUI OverviewFigure 2-5. Realm Properties tabClick the Users tab, underneath the realm Properties tab, to view a list of users i

2-11Getting StartedIDM GUI OverviewFigure 2-7. Access Policy Groups tabClick the individual group node in the tree to display the group’s Properties.

2-12Getting StartedIDM GUI OverviewRADIUS Servers: Clicking the RADIUS Servers node displays the RADIUS List tab, with status and configuration inform

2-13Getting StartedIDM GUI OverviewThe Activity Log tab underneath the properties display contains a listing of IDM application events for that RADIUS

2-14Getting StartedUsing IDM as a Monitoring ToolUsing IDM as a Monitoring ToolWhether or not you configure and apply access and authorization paramet

2-15Getting StartedUsing IDM ReportsUsing IDM ReportsIDM provides reports designed to help you monitor and analyze usage patterns for network resource

2-16Getting StartedUsing IDM ReportsFigure 2-13. Bandwidth Usage ReportYou can save the report to a file, or print the report. To apply customized Rep

2-17Getting StartedUsing IDM ReportsBandwidth Usage Report: The Bandwidth Usage Report lists bandwidth usage per User. the top 25 bandwidth users. You

ivContentsIDM Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-36Using Active Directory Synchroni

2-18Getting StartedUsing IDM ReportsThe following information is provided for each user included in the Bandwidth Usage report:IDM Statistics: The IDM

2-19Getting StartedCreating Report PoliciesUser Report: The User Report lists information for recent sessions in which the user participated, similar

2-20Getting StartedCreating Report PoliciesFigure 2-14. Policy Manager, Actions displayThe Manage Actions window displays the list of defined Actions.

2-21Getting StartedCreating Report Policies4. Select the Report Manager:Generate Report Action type from the pull-down menu. Figure 2-16. Policy Manag

2-22Getting StartedCreating Report PoliciesFigure 2-17. Policy Manager: Report Manager Action configurationAt this point the other tabs displayed are:

2-23Getting StartedCreating Report PoliciesFigure 2-18. Report Manager Action, Report type selection8. Click the Report Filter tab to select the repor

2-24Getting StartedCreating Report Policies• PDF Produce the report in .pdf format. To view this file format, you will need Adobe Acrobat Reader, whic

2-25Getting StartedCreating Report PoliciesSelecting FTP as the delivery method lets you save the report on an FTP site. However, proxy support is not

2-26Getting StartedCreating Report PoliciesYou can access User Reports by right-clicking on the user in the Users tab display in IDM, then select the

2-27Getting StartedCreating Report PoliciesFigure 2-23. IDM Session Cleanup Schedule properties4. Click the Schedule tab to review and edit the schedu

vContents4 Using the Secure Access WizardOverview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-28Getting StartedCreating Report Policies5. Set the Start Date for enforcement of the policy. The default is the start date and time for IDM. You c

2-29Getting StartedUser Session InformationUser Session InformationYou can use IDM to just monitor the network, and receive detailed information about

2-30Getting StartedUser Session InformationThe Session List provides a listing of recent sessions, including the following information: The User Prop

2-31Getting StartedUser Session InformationThe Session Information tab of the User Status window contains the following information:To track the user’

2-32Getting StartedUser Session InformationFigure 2-26. Location Information tabThe Location Information tab of the User Status window contains the fo

2-33Getting StartedUser Session InformationThe Access Information tab of the User Status window contains the following information:Finding a UserThe F

2-34Getting StartedUser Session Information2. In the Username field, type the complete user name of the user you want to find and display information

2-35Getting StartedUser Session Information3. Click the check boxes to select the data columns. If wireless settings are enabled the WLAN and BSSID o

2-36Getting StartedUser Session InformationIDM PreferencesThe IDM Preferences window is used to set up global attributes for session accounting and ar

2-37Getting StartedUser Session Information1. The Configuration Deployment option is used to automatically deploy IDM configuration settings (Access P

viContents

2-38Getting StartedUser Session InformationExisting accounting records are not removed by the Reset procedures, the only effect is that currently open

2-39Getting StartedUser Session InformationFigure 2-31. Identity Management Preferences: User Directory Settings.1. Click the checkbox to select the E

2-40Getting StartedUser Session Information4. To Add a group to the "Groups to Synchronize" list, click Add or Remove Groups... to display t

2-41Getting StartedUser Session Information5. Select the Active Directory Groups you want to Synchronize to IDM, then click the >> button to mov

2-42Getting StartedUser Session Information Users deleted from Active Directory while synchronization is disabled are assigned to the default Access

3-13Using Identity Driven ManagerChapter ContentsIDM Configuration Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-2Using Identity Driven ManagerDeleting RADIUS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-52Adding New Users

3-3Using Identity Driven ManagerIDM Configuration ModelIDM Configuration Model As described in the IDM model on page 2-5, everything relates to the to

3-4Using Identity Driven ManagerIDM Configuration Model2. Define "times" (optional) at which users will be allowed or denied access. This ca

3-5Using Identity Driven ManagerIDM Configuration Model2. Click the Configure Identity Management icon in the Realms window toolbar.The Identity Manag

1-11 About ProCurve Identity Driven ManagerChapter ContentsAbout ProCurve Identity Driven ManagerIntroduction . . . . . . . . . . . . . . . . . . . .

3-6Using Identity Driven ManagerConfiguring LocationsConfiguring LocationsLocations in IDM identify the switch and/or ports on the switch and wireless

3-7Using Identity Driven ManagerConfiguring LocationsAdding a New LocationTo create a new location:1. Click the New Location icon in the toolbar to di

3-8Using Identity Driven ManagerConfiguring LocationsFigure 3-4. New Device window5. Enter the Device to be added using the Device Selection pull-down

3-9Using Identity Driven ManagerConfiguring Locations6. Use the Port Selection to define the ports on the device that will be associated with the loca

3-10Using Identity Driven ManagerConfiguring LocationsFigure 3-5. Create a New Location, Wireless Devices display11. Click Add Device... to display th

3-11Using Identity Driven ManagerConfiguring LocationsClick the check box to select the radio ports to be included in the location, and then click OK

3-12Using Identity Driven ManagerConfiguring LocationsDeleting a LocationTo remove an existing Location:1. Click the Locations node in the Identity Ma

3-13Using Identity Driven ManagerConfiguring TimesConfiguring TimesTimes are used to define the hours and days when a user can connect to the network.

3-14Using Identity Driven ManagerConfiguring TimesFigure 3-8. Times PropertiesCreating a New TimeTo configure a Time:1. Click the Times node in the Id

3-15Using Identity Driven ManagerConfiguring TimesFigure 3-9. Create a New Time3. Define the properties for the new time. Name Name used to identify t

1-2About ProCurve Identity Driven ManagerIntroductionIntroductionNetwork usage has skyrocketed with the expansion of the Internet, wireless, and conve

3-16Using Identity Driven ManagerConfiguring Times4. Click Ok to save the new "Time" and close the panel. The new time appears in the Times

3-17Using Identity Driven ManagerConfiguring TimesDefining HolidaysTo add holidays for use when defining Times in IDM: 1. Click the Times node in the

3-18Using Identity Driven ManagerConfiguring TimesTo delete a Holiday, select it in the Holidays list, then click Delete... Click Yes in the confirmat

3-19Using Identity Driven ManagerConfiguring Network ResourcesConfiguring Network ResourcesThe Network Resources in IDM are used to permit or deny tra

3-20Using Identity Driven ManagerConfiguring Network ResourcesThe Network Resources window lists the name and parameters for defined resources, includ

3-21Using Identity Driven ManagerConfiguring Network ResourcesAdding a Network ResourceTo define a Network Resource:1. Click the Network Resources nod

3-22Using Identity Driven ManagerConfiguring Network Resources* Valid Friendly port names supported in IDM include: ftp, syslog, ldap, http, imap4, im

3-23Using Identity Driven ManagerConfiguring Network ResourcesDeleting a Network ResourceTo delete a Network Resource:1. Click the Network Resources n

3-24Using Identity Driven ManagerConfiguring Access ProfilesConfiguring Access ProfilesIDM uses an Access Profile to set the VLAN, QoS, Bandwidth (rat

3-25Using Identity Driven ManagerConfiguring Access Profiles

1-3About ProCurve Identity Driven ManagerIntroductionWhy IDM?Today, access control using a RADIUS system and ProCurve devices (switches or wireless ac

3-26Using Identity Driven ManagerConfiguring Access ProfilesClick the Access Profile node in the navigation tree, or double-click on a profile in the

3-27Using Identity Driven ManagerConfiguring Access Profiles2. Click the Add Access Profile icon in the toolbar to display the Create a new Access Pro

3-28Using Identity Driven ManagerConfiguring Access ProfilesThe VLAN that gets set for a user will override the statically configured VLAN, as well as

3-29Using Identity Driven ManagerConfiguring Access ProfilesFigure 3-19. Network Resource Assignment Wizard, Allowed Network Resources6. To permit acc

3-30Using Identity Driven ManagerConfiguring Access ProfilesFigure 3-20. Network Resource Assignment Wizard, Denied Network Resources7. To deny access

3-31Using Identity Driven ManagerConfiguring Access ProfilesFigure 3-21. Network Resource Assignment Wizard, Priority Assignment8. Set the priority (o

3-32Using Identity Driven ManagerConfiguring Access Profiles10. Select the option to tell IDM what to do if there are no matches found in the network

3-33Using Identity Driven ManagerConfiguring Access ProfilesFigure 3-24. Network Resource Assignment Wizard, Summary14. Click Finish to save the Netwo

3-34Using Identity Driven ManagerConfiguring Access ProfilesThe changes are displayed in the Access Profiles list.NOTE: When modifying Access Profiles

3-35Using Identity Driven ManagerDefining Access Policy GroupsDefining Access Policy GroupsAn Access Policy Group (APG) contains rules that define the