User identity awareness – Amer Networks E5Web GUI User Manual

8.6. User Identity Awareness

Sometimes it is more convenient for client users if they can automatically validate themselves to
cOS Core instead of being asked to type in username and password credentials every time they
wish to access certain resources. The cOS Core User Identity Awareness (UIA) feature allows this to
happen by receiving user authentication information from a Windows domain controller server.

There are two separate components involved in the identity awareness feature:

•

The Clavister Identity Awareness Agent which is a separate piece of software that runs on all
the Windows domain controller servers in the active directory, sending client login
information to cOS Core.

•

The authentication process taking place in cOS Core as clients try to access resources through
the security gateway. This uses the information sent by the Identity Awareness Agent.

The overall relationship between client, server and Clavister Security Gateway is shown in the
diagram below.

Figure 8.3. User Identity Awareness

Event Flow During Authentication

The flow of events with the identity awareness feature is as follows:

•

A user of a Windows based client computer logs in.

•

The user is authenticated against a Windows Active Directory server running on a separate
computer.

•

The Clavister provided software service called the Identity Awareness Agent (IDA) runs on all
the domain controller servers in the domain. This listens for successful client authentications.
When a client is authenticated, the agent sends the following to the configured Clavister
Security Gateway:

i.

The user name.

ii.

The user's group.

Chapter 8: User Authentication

550