Simple Passive Identity Agent Deployment

The following diagram shows the simplest passive identity agent deployment.

The simplest Passive Identity Agent is one standalone agent installed on the Active Directory domain controller. This agent sends user name and IP address information to the firewall manager.

In the preceding example, a standalone passive identity agent is installed on the AD domain controller. Users log in and out of the AD domain and the agent sends user name and IP address information to the Cloud-delivered Firewall Management Center. As users access the network, access control and identity policies deployed to the Secure Firewall Threat Defense determine whether access is allowed and, if so, how.

You can install a passive identity agent on the AD domain controller, directory server, or on any client connected to the domain you wish to monitor.