User Identity Awareness - D-Link NetDefendOS User Manual

8.6. User Identity Awareness

Sometimes it is more convenient for client users if they can automatically validate themselves to
NetDefendOS instead of being asked to type in username and password credentials every time
they wish to access certain resources. The NetDefendOS User Identity Awareness (UIA) feature
allows this to happen by receiving user authentication information from Windows domain
servers.
There are two separate components involved in the identity awareness feature:
• The Identity Awareness Agent (IDA), which is a separate piece of D-Link software, runs on one
or more Windows domain servers in the active directory, sending authenticated client
information to NetDefendOS. The IDA can run on either a domain controller or domain
member. Installation of the IDA software on multiple servers will provide redundancy.
• The authentication process taking place in NetDefendOS as clients try to access resources
through the firewall. This process uses the information sent by the Identity Awareness Agent.
The overall relationship between client, server and NetDefend Firewall is shown in the diagram
below.
Event Flow During Authentication
The flow of events with the identity awareness feature is as follows:
• A user of a Windows based client computer logs in.
• The user is authenticated against a Windows Active Directory server.
• The D-Link Identity Awareness Agent (IDA) is running on at least one server in the domain. This
software listens for successful client authentications. When a client is authenticated, the
agent sends the following to the configured NetDefend Firewall:
i. The user name.
ii. The user's group.
Figure 8.3. User Identity Awareness
641
Chapter 8: User Authentication