Using AD Query for User Awareness

This article provides an overview of how to enable User Awareness with AD query.

Note: This article provides information for Single User Identity. For more information about the Single User Identity changes, see Understanding the Single User Identity.

Overview

User Awareness lets you easily identify the end-users in your network. In addition, use the Analytics features to show traffic and events according to the AD first and last name, host name and IP address.

For more information about how to provision users with LDAP, see Provisioning Users with LDAP.

Changes made in the AD are synced with the Cato Management Application automatically (at 12:00 am UTC daily), or on demand by the administrator.

High Level Overview of Integrating AD and the Cato Management Application

This section describes the end-to-end workflow to configure the Windows server to allow the PoPs to integrate for User Awareness with AD query.

  1. Prepare the Windows Server for Cato Directory Services and User Awareness. See Configuring the Windows Server for Directory Services.

    1. Create a dedicated AD user that belongs to the Distributed COM Users and Event Log Readers groups. The PoPs use this user to connect to the AD server.

    2. Configure these Windows settings for Directory Services:

      • Windows services

      • DCOM settings

      • COM security permissions

    3. (For User Awareness) Configure the WMI settings to allow the PoPs to query the user login events:

      1. Configure the server to allow remote connections using WMI. (See the Microsoft documentation, Securing a Remote WMI Connection.)

      2. Configure the WMI user access settings.

      3. Configure the WMI Controller registry permissions.

      4. Configure the Windows firewall to allow DCOM communications.

  2. Configure the Directory Service settings in the Cato Management Application. See Provisioning Users with LDAP.

    1. Add the AD domain to the Directory Services for the account.

    2. Add the Domain Controllers.

    3. Define the AD groups that are synchronized, and the sync settings.

  3. Configure the User Awareness settings in the Cato Management Application. See the User Awareness articles.

    • User Awareness with an AD server:

      1. Add the AD domain to User Awareness.

      2. Add the Real Time Sync Domain Controllers.

      3. Define the AD groups that are participating in User Awareness.

    • User Awareness with the Cato Identity Agent:

      1. Enable User Awareness Identity Agent for your account.

      2. Install the Cato Client on the devices where you're identifying the users.
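
A read-only check for step 1.1 of the workflow above, added here as an example and not taken from Cato's documentation: it confirms that the dedicated AD user is in the two required groups and reports any other membership. The account name svc-cato-adquery is hypothetical, and the script assumes the ActiveDirectory PowerShell module (RSAT) is installed and that the account's only other membership is the default Domain Users group.

```powershell
# Added example: audit the dedicated AD Query account's group membership.
# Read-only; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Hypothetical account name; replace with the dedicated user you created.
$AccountName = 'svc-cato-adquery'

# Groups named in step 1.1 of the workflow.
$RequiredGroups = @('Distributed COM Users', 'Event Log Readers')

# Assumption: the account keeps the default primary group and nothing else.
$ExpectedGroups = $RequiredGroups + 'Domain Users'

$user = Get-ADUser -Identity $AccountName -Properties PasswordLastSet

# Groups the account belongs to (nested memberships are not expanded).
$memberOf = Get-ADPrincipalGroupMembership -Identity $user |
    Select-Object -ExpandProperty Name

# Required groups the account is not in, and memberships beyond the expected set.
$missing = @($RequiredGroups | Where-Object { $_ -notin $memberOf })
$extra   = @($memberOf | Where-Object { $_ -notin $ExpectedGroups })

# One summary object per account, suitable for Export-Csv or Format-List.
[pscustomobject]@{
    Account          = $user.SamAccountName
    Enabled          = $user.Enabled
    PasswordLastSet  = $user.PasswordLastSet
    MissingGroups    = $missing -join ', '
    UnexpectedGroups = $extra -join ', '
    Compliant        = ($missing.Count -eq 0) -and ($extra.Count -eq 0)
}
```

A non-empty UnexpectedGroups value means the account holds more access than the workflow calls for and should be reviewed before the PoPs start using it.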

Email Notifications and Events for Directory Services and User Awareness

There are specific email notifications and events for Directory Services and User Awareness.

Working with Alerts

You can configure the Cato Management Application to send email notifications for Directory Service sync actions and connectivity status with the DC:

  • Syncing with the AD - success, failure, manual, or automatic

  • Connectivity failure with the DC - there is a connectivity issue between the Cato Management Application and the DC, which most likely impacts User Awareness

For more about configuring alerts, see Working with Email Notifications for the Account.

Analyzing Events

The Event Discovery window shows all the Directory Services and User Awareness events for your account. You can learn more about using Event Discovery here.
