How to Implement an Identity Policy

If you want to manage identity policies for your FDM-managed device using Cisco Defense Orchestrator (CDO), you need to create identity sources first. You can configure the remaining settings using Defense Orchestrator.

When identity policies are configured correctly, you will be able to see usernames in the monitoring dashboards and events in FDM. You will also be able to use user identity as a traffic-matching criterion in access control and SSL decryption rules.

Note

At this time, CDO cannot configure some of the components needed to implement identity policies, such as remote access VPN and Cisco Identity Services Engine. These components must be configured in FDM, which is the local manager of the device. Some of the steps in the procedure below indicate where you must use FDM to configure certain identity components.