Juniper Identity Management Service

Juniper® Identity Management Service is a Windows-based application that links IP addresses to specific user identities, providing visibility into and control over network activity on a per-user basis. JIMS integrates directly with Active Directory servers to verify user-to-IP address relationships and determine specific role and group assignments. This enables SRX Series Services Gateways to manage security policy decisions that directly associate application activity to user roles. Based on this information, the SRX Series firewall either permits or denies users access to applications and data based on detailed security policies.

Juniper Identity Management Service has a scalable user identity management system, supporting 20 domain controllers, which can scale up to 150, and the ability to support more than 256,000 users. Juniper Identity Management Services also tracks and prevents unauthorized users from accessing corporate resources before a data breach occurs.

On Juniper Networks® SRX Series Services Gateways, this capability is referred to as “user firewall,” where the SRX Series device will associate network traffic with specific user identities as defined by Active Directory. The SRX Series firewall typically performs a local lookup of the user-id associated with a specific IP address.

The Juniper® Identity Management Service for Windows maintains a large database of active users and their associated IP addresses, enabling an SRX Series firewall to rapidly identify thousands of users in a large distributed enterprise. The SRX Series device simply queries the JIMS server, obtains the proper user-id relationship, and then enforces the appropriate security policy. Once applications, users, and groups are identified, JIMS provides full visibility into and control over the security infrastructure.

Features

• User Identification - JIMS connects to an Active Directory server to provide IP address-to-user name mappings and to collect user and device status for SRX Series firewalls. For user login events, JIMS collects domain and user names; for device login events, it collects domain and machine names.
• PC Probing - JIMS initiates PC probes on devices to obtain the user name and domain of active users and to determine the device’s status after its logged-in state has expired.
• SRX Series Query Support - JIMS responds to individual HTTPS GET queries for IP addresses from SRX Series devices with the corresponding user names.
• IP Address and User Group Filtering - JIMS provides the ability to include or exclude specified IP address ranges or Active Directory groups in the authentication tables of the SRX Series devices.
• Remote Syslog to Collect User Data - JIMS collects syslog data from other sources containing user name, device name, domain, groups, and/or IP address mappings and turns it into cache and policy enforcement entries on SRX Series firewalls.
• Status Monitoring and System Logging - JIMS provides detailed information related to Active Directory and SRX Series firewall connectivity state, sessions, records captured, and PC Probe counts. For troubleshooting purposes, JIMS produces system logs to record various events and activities.

Juniper Identity Management Service is provided free of charge to customers with an active Juniper service contract.