You can use identity policies to collect user identity information from connections. You can then view usage based on user identity in the Firepower Device Manager (FDM) dashboards, and configure access control based on user or user group.
The following is an overview of how to configure the elements required to obtain user identity through identity policies:
- Open the Devices & Services page, select the device for which you are configuring an identity policy, and click Policy in the Management pane at the right.
- Click Identity in the Policy bar.
- If you have not yet enabled an identity policy, read about passive and active authentication and click Enable. You are enabling an identity policy, not a passive authentication policy or an active authentication policy. The rules in the policy will specify active or passive authentication.
- Manage the identity policy:
After you configure identity settings, this page lists all rules in order. Rules are matched against traffic from top to bottom with the first match determining the action to apply. You can do the following from this page:
- To enable or disable the identity policy, click the identity toggle. See Configure Identity Policy Settings for more information.
- To read the passive authentication settings, click the button next to the Passive Auth label on the identity bar. See Configure Identity Policy Settings for more information.
- To enable active authentication, click the button next to the Active Auth label on the identity bar. See Configure Identity Policy Settings for more information.
- To change the default action, click the default action button and select the desired action. See Configure Identity Policy Default Action.
- To move a rule in the table, select the rule and click the up or down arrow at the end of the rule's row in the rule table.
- To configure rules:
- To create a new rule, click the plus button.
- To edit an existing rule, select the rule and click Edit in the Actions pane. You can also selectively edit a rule property by clicking on the property in the table.
- To delete a rule you no longer need, select the rule and click Remove in the Actions pane.
For more information on creating and editing identity rules, see Configuring Identity Rules.
- (Optional) For any rule that you created, you can select it and add a comment about it in the Add Comments field. To learn more about rule comments see, Adding Comments to Rules in FTD Policies and Rulesets.
- Review and deploy now the changes you made, or wait and deploy multiple changes at once.