Install the Passive Identity Agent Software

This task discusses how to install the passive identity agent software. For a simple installation, you can install it on your Microsoft Active Directory (AD) domain controller; for other options, see Deploy the Passive Identity Agent.

Note	We recommend you use the latest version of the passive identity agent. To see the available versions, go to software.cisco.com. To upgrade the passive identity agent, see Upgrade the Passive Identity Agent Software

Before you begin

See Get an API Token for the Passive Identity Agent.

See Prerequisites to Installing the Passive Identity Agent.

Procedure

Step 1

Download the passive identity agent from software.cisco.com.

Step 2

Step 3

Double-click CiscoPassiveIdentityAgentInstaller-1.1.msi .

Step 4

Click Next.

Step 5

Choose a folder in which to install the passive identity agent and click Next.

The default installation folder is Program Files\Program Files (x86)\Cisco\Cisco Passive Identity Agent .

Step 6

Click Next.

Step 7

Click Install.

Step 8

When the installation is done, click Finish and optionally check the box to start the passive identity agent.

Step 9

When the passive identity agent starts, click the On-Prem tab if you are using the agent with an on-premises Secure Firewall Management Center (physical or virtual) or click the Cloud tab if you are using the agent with Cloud-delivered Firewall Management Center.

Step 10

In the Cisco Passive Agent dialog box, enter the following information:


Item	Description
FMC FQDN / IP Address	Enter the fully qualified domain name, IPv4, or IPv6 address of the Cloud-delivered Firewall Management Center on which you created the passive identity agent identity source.
Token	Enter the API token you found in Get an API Token for the Passive Identity Agent.
Agent	Click the list to locate the domain controller of the passive identity agent you created previously on the Cloud-delivered Firewall Management Center.

Step 11

Click the Agent list.

Step 12

From the list, click the name of the domain controller to monitor.

Step 13

Click Test.

The following figure shows an example.

Make sure you test the connection before you save the configuration.

Step 14

Only if the test succeeds, click Save.

What to do next

Specify users to control and other options using an identity policy as described in Create an Identity Policy.
Associate the identity rule with an access control policy, which filters and optionally inspects traffic, as discussed in Associating Other Policies with Access Control.
Deploy your identity and access control policies to managed devices as discussed in Deploy Configuration Changes.
Monitor user activity .