Select User Identification Service for Secure SD-WAN Engines

You can select the User Identification Service for each Secure SD-WAN Engine in the Engine Editor.

Each User Identification Service can be associated with one or more Secure SD-WAN Engines, but only one User Identification Service can be selected for each Secure SD-WAN Engine.

Note: The Integrated User ID Service is primarily meant for demonstration purposes and proof-of-concept testing of user identification services.

For more details about the product and how to configure features, click Help or press F1.

Steps

Select Configuration.
Right-click the Secure SD-WAN Engine for which you want to select a Forcepoint User ID Service or an Integrated User ID Service element, then select Edit <element type>.
In the navigation pane on the left, browse to Add-Ons > User Identification.
Select the User Identification Service element that represents the server with which this Secure SD-WAN Engine communicates.

Note: For Secure SD-WAN version 6.4 or higher, we recommend that you use the Forcepoint User ID Service.
(Optional) Configure the additional settings.
Click Save.

Engine Editor > Add-Ons > User Identification

Use this branch to select a User Identification Service element.

Note: These settings are not supported for Master Engines or Virtual Engines.

Option	Definition
User Identification Service	The Forcepoint User ID Service and Integrated User ID Service provide user, group, and IP address information that can be used in transparent user identification. The Integrated User ID Service is primarily meant for demonstration purposes and proof-of-concept testing of user identification services. Select — Allows you to select an existing Forcepoint User ID Service or Integrated User ID Service element. None — Disables transparent user identification. Note: For Secure SD-WAN version 6.4 or higher, we recommend that you use the Forcepoint User ID Service.
Network Filters section (When a Forcepoint User ID Service element is selected)
IP Ranges (Optional)	To prevent the Secure SD-WAN Engine from receiving too many logon events, specify the IP address ranges of networks from which to receive logon events. Click Add to add an element to the list, or Remove to remove the selected element. We recommend adding the IP address ranges of networks for which the Secure SD-WAN Engine routes traffic. Note: Network filters do not exclude other IP addresses outside of the specified IP address range if a user has at least one logon in the specified IP address range. The Secure SD-WAN Engine might still receive logon events from other IP address ranges.

Option

Definition

User Identification Service

The Forcepoint User ID Service and Integrated User ID Service provide user, group, and IP address information that can be used in transparent user identification.

The Integrated User ID Service is primarily meant for demonstration purposes and proof-of-concept testing of user identification services.

Select — Allows you to select an existing Forcepoint User ID Service or Integrated User ID Service element.
None — Disables transparent user identification.

Note: For Secure SD-WAN version 6.4 or higher, we recommend that you use the Forcepoint User ID Service.

Network Filters section (When a Forcepoint User ID Service element is selected)

IP Ranges

(Optional)

To prevent the Secure SD-WAN Engine from receiving too many logon events, specify the IP address ranges of networks from which to receive logon events.

Click Add to add an element to the list, or Remove to remove the selected element.

We recommend adding the IP address ranges of networks for which the Secure SD-WAN Engine routes traffic.

Note: Network filters do not exclude other IP addresses outside of the specified IP address range if a user has at least one logon in the specified IP address range. The Secure SD-WAN Engine might still receive logon events from other IP address ranges.