The User Agent Identity Source
The Cisco Firepower User Agent is a passive authentication method; it is an authoritative identity source, meaning user information is supplied by a trusted Active Directory server. When integrated with the Firepower System, the user agent monitors users when they log in and out of hosts with Active Directory credentials. The data gained from the User Agent can be used for user awareness and user control.
The user agent associates each user with an IP address, which allows access control rules with user conditions to trigger. You can use one user agent to monitor user activity on up to five Active Directory servers and send encrypted data to up to five Firepower Management Centers.
The User Agent does not report failed login attempts.
End of FMC Support for User Agent
End of support is planned for FMC integration with the Cisco Firepower User Agent (hereafter referred to as user agent) in a future release.
We strongly recommend you stop using the user agent and switch to using the Cisco Identity Services Engine/Passive Identity Connector (ISE/ISE-PIC) as soon as possible.
You'll benefit from the following features, which are not available in the user agent:
Support for Microsoft Active Directory up to version 2016
Gathers authentication data from up to 10 Microsoft Active Directory domain controllers
Gathers Active Directory authentication data from switches supporting Kerberos SPAN
Supports passive/active redundancy
You can upgrade from the ISE-PIC to ISE, adding the Passive Identity Connector node to an existing Cisco ISE cluster.
Supports KVM, VMware, and Hyper-V
Tailored to fit your organization with support for 3,000 and 300,000 sessions, depending on licensing