About Identity Sources
Identity sources are the AAA servers and databases that define user accounts for the people in your organization. You can use this information in a variety of ways, such as providing the user identity associated with an IP address, or authenticating remote access VPN connections or access to the FDM.
Use the
page to create and manage your sources. You would then use these objects when you configure the services that require an identity source.
Following are the supported identity sources and their uses:
- Active Directory (AD) Identity Realm
  Active Directory provides user account and authentication information. See Active Directory (AD) Identity Realms.
  You can use this source for the following purposes:
  - Remote Access VPN, as a primary identity source. You can use AD in conjunction with a RADIUS server.
  - Identity policy, for active authentication and as the user identity source used with passive authentication.
- Cisco Identity Services Engine (ISE) or Cisco Identity Services Engine Passive Identity Connector (ISE PIC)
  If you are using ISE, you can integrate the FTD device with your ISE deployment. See Identity Services Engine (ISE).
  You can use this source for the following purposes:
  - Identity policy, as a passive identity source to collect user identity from ISE.
- RADIUS Server, RADIUS Server Group
  If you are using RADIUS servers, you can also use them with the FDM. You must define each server as a separate object, then put them in server groups (where the servers in a given group are copies of each other). You assign the server group to features; you do not assign individual servers. See RADIUS Servers and Groups.
  You can use this source for the following purposes:
  - Remote Access VPN, as an identity source for authentication, and for authorization and accounting. You can use AD in conjunction with a RADIUS server.
  - Identity policy, as a passive identity source to collect user identity from remote access VPN logins.
  - External authentication for the FDM or the FTD CLI management users. You can support multiple management users with different authorization levels. These users can log into the system for device configuration and monitoring purposes.
- LocalIdentitySource
  This is the local user database, which includes users that you have defined in the FDM. Select to manage the user accounts in this database. See Local Users.
  Note: The local identity source database does not include users you configure in the CLI for CLI access (using the configure user add command). CLI users are completely separate from those you create in the FDM.
  You can use this source for the following purposes:
  - Remote Access VPN, as a primary or fallback identity source.
  - Identity policy, as a passive identity source to collect user identity from remote access VPN logins.