JIMS Identity Management Profile Overview

Juniper Security Director Cloud is used to push the JIMS configuration to SRX Series Firewalls. You can create an identity management profile in Juniper Security Director Cloud and deploy it to SRX Series Firewalls. The SRX Series Firewalls then query the JIMS server for the information that is based on the deployed profile.

SRX Series Firewalls connect with JIMS through either HTTP or HTTPS. HTTP is recommended for debugging, while HTTPS should be used for deployments. The SRX Series Firewalls have both primary and secondary JIMS configurations. The firewalls always query the primary JIMS first. The secondary JIMS serves as a fallback option with limited resources and should only be used if the HTTP GET request or the number of queries to the primary JIMS fails. The SRX Series Firewalls continually monitor the status of the primary JIMS and will switch back once it is operational again.

Note:

• Juniper Security Director Cloud does not interact directly with the JIMS server. Instead, SRX Series Firewalls query the JIMS server to retrieve user identity information. For more information about different query modes, see Understanding Advanced Query Feature for Obtaining User Identity Information from JIMS and Configuring Advanced Query Feature for Obtaining User Identity Information from JIMS.

• SRX Series Firewalls authentication can also push the authentication entries to JIMS.

• IP and user mapping information might be inaccurate if the user identities in JIMS are cleared, delayed, or missing.

You can create an identity management profile, deploy the profile, and edit, clone, and delete these profiles. Use the Identity Management Profile page to obtain advanced user identity from different authentication sources for SRX Series Firewalls. To access the page, click SRX > Identity > JIMS.