Procedure
The following procedure provides an overview of what you must configure to get identity policies to work:
Procedure
Step 1 | Create the AD identity realm. Whether you collect user identity actively or passively, you need to configure the Active Directory (AD) server that has the user identity information. See Create and Edit a Firepower Threat Defense Active Directory Realm Object for more information. |
Step 2 | If you want to use passive authentication identity rules, configure the passive identity sources using FDM. You can configure any of the following, based on the services you are implementing in the device and the services available to you in your network.
|
Step 3 | Using Security Cloud Control, enable the identity policy and configure passive or active authentication. See Configure Identity Policy Settings for more information. |
Step 4 | Using Security Cloud Control, Configure Identity Policy Default Action. If your intention is to use passive authentication only, you can set the default action to passive authentication and there is no need to create specific rules. |
Step 5 | Using Security Cloud Control, Configuring Identity Rules. Create rules that will collect passive or active user identities from the relevant networks. |
Step 6 | (Optional) For any rule that you created, you can select it and add a comment about it in the Add Comments field. To learn more about rule comments see, Adding Comments to Rules in FTD Policies and Rulesets. |
Step 7 | Review and deploy now the changes you made, or wait and deploy multiple changes at once. |