- play_arrow What's New for Administrators
- play_arrow Overview of JSA Administration
- play_arrow User Management
- play_arrow License Management
- play_arrow System Management
- System Management
- System Health Information
- JSA Component Types
- Data Nodes
- Network Interface Management
- JSA System Time
- NAT-Enabled Networks
- Off-site Hosts Management
- Managed Hosts
- Configuration Changes in your JSA Environment
- Deploying Changes
- Restarting the Event Collection Service
- Shutting Down a System
- Restarting a System
- Collecting Log Files
- Changing the Root Password on Your JSA Console
- Resetting SIM
- play_arrow JSA Set Up Tasks
- JSA Set Up Tasks
- Network Hierarchy
- Automatic Updates
- Manual Updates
- Configuring System settings
- IF-MAP Server Certificates
- SSL Certificates
- IPv6 Addressing in JSA Deployments
- Advanced Iptables Rules Examples
- Data Retention
- System Notifications
- Custom Offense Close Reasons
- Configuring a Custom Asset Property
- Index Management
- Restrictions to Prevent Resource-intensive Searches
- App Hosts
- Checking the Integrity Of Event and Flow Logs
- Adding Custom Actions
- Managing Aggregated Data Views
- Accessing a GLOBALVIEW Database
- play_arrow Event Data Processing in JSA
- Event Data Processing in JSA
- DSM Editor Overview
- Properties in the DSM Editor
- Property Configuration in the DSM Editor
- Opening the DSM Editor
- Configuring a Log Source Type
- Configuring Property Autodetection for Log Source Types
- Configuring Log Source Autodetection for Log Source Types
- Configuring DSM Parameters for Log Source Types
- Custom Log Source Types
- Custom Property Definitions in the DSM Editor
- Event Mapping
- Exporting Contents from the DSM Editor
- play_arrow Using Reference Data in JSA
- play_arrow Juniper Networks X-Force Integration
- play_arrow Managing Authorized Services
- play_arrow Backup and Recovery
- play_arrow Flow Sources Management
- play_arrow Remote Networks and Services Configuration
- play_arrow Server Discovery
- play_arrow Domain Segmentation
- play_arrow Multitenant Management
- Multitenant Management
- User Roles in a Multitenant Environment
- Domains and Log Sources in Multitenant Environments
- Provisioning a New Tenant
- Monitoring License Usage in Multitenant Deployments
- Rules Management in Multitenant Deployments
- Network Hierarchy Updates in a Multitenant Deployment
- Retention Policies for Tenants
- play_arrow Asset Management
- play_arrow Configuring JSA to Forward Data to Other Systems
- Forward Data to Other Systems
- Adding Forwarding Destinations
- Configuring Forwarding Profiles
- Configuring Routing Rules to Forward Data
- Using Custom Rules and Rule Responses to Forward Data
- Configuring Routing Rules to Use the JSA Data Store
- Viewing Forwarding Destinations
- Viewing and Managing Forwarding Destinations
- Viewing and Managing Routing Rules
- play_arrow Event Store and Forward
- play_arrow Security Content
- play_arrow SNMP Trap Configuration
- play_arrow Protect Sensitive Data
- play_arrow Log Files
- play_arrow Event Categories
- play_arrow Common Ports and Servers Used by JSA
- play_arrow RESTful API
User Information Source Overview
You can configure a user information source to enable user information collection from an Identity and Access Management endpoint.
An Identity and Access Management endpoint is a product that collects and manages electronic user identities, group memberships, and access permissions. These endpoints are called user information sources.
Use the following utilities to configure and manage user information sources:
Tivoli Directory Integrator - You must install and configure a Tivoli Directory Integrator on a non-JSA host.
UISConfigUtil.sh - Use this utility to create, retrieve, update, or delete user information sources. You can use user information sources to integrate JSA using a Tivoli Directory Integrator server.
GetUserInfo.sh - Use this utility to collect user information from a user information source and store the information in a reference data collection. You can use this utility to collect user information on demand or on a schedule.
User Information Sources
A user information source is a configurable component that enables communication with an endpoint to retrieve user and group information.
JSA systems support the following user information sources:
Information Source | Information that is collected |
---|---|
MicrosoftWindows Active Directory (AD), version 2008 - MicrosoftWindows AD is a directory service that authenticates and authorizes all users and computers that use your Windows network. |
|
Reference Data Collections for User Information
This topic provides information about how reference data collections store data collected from user information sources.
When JSA collects information from a user information source, it automatically creates a reference data collection to store the information. The name of the reference data collection is derived from the user information source group name. For example, a reference data collection that is collected from MicrosoftWindows AD might be named Domain Admins.
The reference data collection type is a Map of Maps. In a Reference Map of Maps, data is stored in records that map one key to another key, which is then mapped to a single value.
For example:
#
# Domain Admins
# key1,key2,data
smith_j,Full Name,John Smith
smith_j,account_is_disabled,0
smith_j,account_is_locked,0
smith_j,account_is_locked,1
smith_j,password_does_not_expire,1
Integration Workflow Example
After user and group information is collected and stored in a reference data collection, there are many ways in which you can use the data in JSA.
You can create meaningful reports and alerts that characterize user adherence to your company's security policies.
If you want to collect application security logs, you must create a Device Support Module (DSM). For more information, see the Configuring DSMs Guide.
User Information Source Configuration and Management Task Overview
To initially integrate user information sources, you must perform the following tasks:
Configure a Tivoli Directory Integrator server. See Configuring the Tivoli Directory Integrator Server.
Create and manage user information sources. See Creating and Managing User Information Source.
Collect user information. See Collecting User Information.