HP Identity Driven Manager Software Licenses User Manual

1-4

About ProCurve Identity Driven Manager
Introduction

When using IDM, the authentication process proceeds as described in the first
three steps, but from that point the process changes as follows:

4.

The RADIUS server validates the user’s identity in the user directory.
Based on the validation result received from the user directory, the
authentication server returns an accept or deny response to the switch. If
the user is accepted (authenticated), the IDM Agent on the RADIUS server
processes the user information. IDM then inserts the network access
rights configured for the user into the Authentication response sent to the
switch.

5.

If the user is authenticated, the switch grants the user access to the
network. The (IDM) authorization information included in the authenti-
cation response is used to configure VLAN access, QoS and Bandwidth
parameters for the user, and what network resources the user can access
based on time and location of the user’s login.

If the user is authenticated by the RADIUS server, but IDM’s authorization
data indicates that the user is attempting to access the network at the
wrong time, or from the wrong location or system, the user’s access
request is denied by IDM.

Figure 1-3. Access Control using IDM

If a user is authenticated in RADIUS, but is unknown to IDM, IDM will not
override RADIUS authentication and default switch settings, unless you
configure it to do so. You can create a "guest" profile in IDM to provide
limited access for unknown users.