https://community.cisco.com/t5/network-security/firepower-mapping-users-to-ips/m-p/3933309#M937834 <P>You need to configure realms also.<BR />Once you have done that, you need to configure an identity policy that maps networks to a realm then add that identity policy to your access policy.</P><P>That is passive authentication.</P><P>Using a captive portal is active authentication and isn't a requirement.&nbsp; You can definite active vs passive in your identity policy.</P> Tue, 01 Oct 2019 18:45:51 GMT Anthony Parker 2019-10-01T18:45:51Z https://community.cisco.com/t5/network-security/firepower-mapping-users-to-ips/m-p/3933258#M937833 <P>I've seen this done and think I have done a good amount of the leg work, but I'm trying to figure out the details of setting up the identity policies to attach usernames to IPs within firepower. I have the AD agent install on the AD server, but I'm missing something as the usernames are not attaching to the IPs within firepower. Will I have to make use of the captive portal and if so, will they have to login each time they use the network?</P> Fri, 21 Feb 2020 17:32:38 GMT https://community.cisco.com/t5/network-security/firepower-mapping-users-to-ips/m-p/3933258#M937833 enelson11 2020-02-21T17:32:38Z https://community.cisco.com/t5/network-security/firepower-mapping-users-to-ips/m-p/3933309#M937834 <P>You need to configure realms also.<BR />Once you have done that, you need to configure an identity policy that maps networks to a realm then add that identity policy to your access policy.</P><P>That is passive authentication.</P><P>Using a captive portal is active authentication and isn't a requirement.&nbsp; You can definite active vs passive in your identity policy.</P> Tue, 01 Oct 2019 18:45:51 GMT https://community.cisco.com/t5/network-security/firepower-mapping-users-to-ips/m-p/3933309#M937834 Anthony Parker 2019-10-01T18:45:51Z