Secure Access identity question
08-05-2024 06:13 AM
Hello,
Let's say that I want to build a security policy where the source is equal to an MS AD group (users/groups will be provisioned through the AD connector). My question is the following: how does the firewall feature of SA know about the IP-user mapping? According to what I am reading, SAML is only for SWG/ZTA... Any hints?
Labels: Cloud Security
08-05-2024 09:16 AM
The AD connector provides user-to-IP mapping for all features.
Are you seeing any issues with that?
08-06-2024 02:26 AM
The problem is that there is not a single word in the SA documentation about its integration with Umbrella VA (nothing is seen in the SA dashboard for this integration either). This is contrary to the Umbrella SIG docs, where we can find nice info like the one below:
https://docs.umbrella.com/umbrella-user-guide/docs/identity-and-sig-deployment
08-06-2024 09:53 AM
AD connector is different from VA. VA is not required with SSE, but AD connector is required.
Please see this:
- For IP-to-user mapping deployments, you must use an on-premises Secure Access AD connector. Azure does not store the private IP to Active AD user mappings.
**Please rate as helpful if this was useful**
09-24-2024 01:38 AM
VA is not **required** with SSE, but it is available to provide DNS-level protection with user attribution for policy application and reporting. Details here: https://docs.sse.cisco.com/sse-user-guide/docs/deploy-virtual-appliances Useful for agent-less deployments in IoT, servers, etc., as it was with Umbrella.
