Configuring network resources – HP Identity Driven Manager Software Series User Manual
Using Identity Driven Manager
Configuring Network Resources
IDM has pre-configured Device Type Groups for each of the catch-all patterns.
• All Android (For all Android devices)
• All Windows (For all Windows devices)
• All Unix (For all Unix devices)
• All Apple (For all Apple devices)
• All Unknown (For all Unknown devices)
The advantage of these pre-configured Device Type Groups is that when registering
users, if the user-agent string matches one of the catch-all regex patterns, the user's device
type automatically becomes a member of the respective Device Type Group. As a
result, the user's access to the network is immediately controlled based on the device
type, without any additional effort from the Administrator. The Global Rules or
Access Rules must be configured to complete the Device Finger Printing configuration.
Configuring Network Resources
Network Resources in IDM are used to permit or deny traffic to and from specified
sources and destinations. This is done by configuring an IP-based filter based on either:
■ The IPv4 or IPv6 address (individual address or subnet address) of the
source or destination, or
■ The protocol (IP, ICMP, VRRP, and so forth), or
■ The TCP or UDP port (that is, based on protocol and application, such as
Telnet or HTTP)
For example, you can create a Network Resource to restrict “guest accounts” so that
they only have access to the external Internet, and no access to internal resources. Or
you can define a resource that allows HR employees to access the payroll systems,
and denies access to all other employees.
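The guest and payroll examples above, modelled in Python as an added example (not HP's code and not IDM's configuration format). The `NetworkResource` class, the `evaluate` function, the first-match ordering, the default action, combining address, protocol and port in one rule, and all addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class NetworkResource:
    """Hypothetical model of one IP-based filter: address, protocol, port."""
    name: str
    network: str                 # individual address or subnet, IPv4 or IPv6
    protocol: str = "ip"         # "ip" matches any protocol
    port: Optional[int] = None   # TCP/UDP port; None matches any port

    def matches(self, dst: str, protocol: str, port: Optional[int]) -> bool:
        net = ipaddress.ip_network(self.network, strict=False)
        addr = ipaddress.ip_address(dst)
        # An IPv4 rule never matches IPv6 traffic, and vice versa.
        if addr.version != net.version or addr not in net:
            return False
        if self.protocol != "ip" and self.protocol != protocol.lower():
            return False
        return self.port is None or self.port == port

def evaluate(rules, dst, protocol, port=None, default="deny"):
    """Assumed semantics: first matching (action, resource) pair wins;
    traffic that matches no rule gets the default action."""
    for action, resource in rules:
        if resource.matches(dst, protocol, port):
            return action
    return default

# Constructed guest policy: deny internal ranges first, then permit the rest.
# Forgetting the IPv6 entries would leave internal IPv6 hosts reachable.
INTERNAL = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7"]
GUEST_RULES = [("deny", NetworkResource(f"internal-{n}", n)) for n in INTERNAL]
GUEST_RULES += [("permit", NetworkResource("internet-v4", "0.0.0.0/0")),
                ("permit", NetworkResource("internet-v6", "::/0"))]

# Constructed HR policy: payroll over HTTPS only; 10.20.30.40 is a made-up host.
# Other employees would get no such permit and fall through to the default deny.
HR_RULES = [("permit", NetworkResource("payroll", "10.20.30.40/32", "tcp", 443))]

if __name__ == "__main__":
    for dst, proto, port in [("93.184.216.34", "tcp", 443), ("10.1.2.3", "tcp", 22),
                             ("fd00::1", "udp", 53), ("2001:db8::1", "icmp", None)]:
        print("guest", dst, proto, port, "->", evaluate(GUEST_RULES, dst, proto, port))
```

Rule order matters in this model: placing the permit-all entries ahead of the internal deny entries would give guests access to internal resources.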
Note:
Network Resource features can be used only for switches that support IDM-based
ACLs. See “Device Support for IDM Features” on page
To configure a Network Resource:
1. Select the Network Resources node from the Identity Management Configuration
navigation tree to display the Network Resources pane.