
Difference between host checker user realms vs host checker user roles

New Contributor

Is there a difference between the host checker policy for user realms and user roles? Is it redundant to have a host checker to check for a machine certificate on both user realms and user roles?  

Trying to migrate from NC to Pulse Secure but getting a "Machine certificate not found" error. The same policy works with NC but not Pulse Secure.

2 REPLIES
Moderator

Re: Difference between host checker user realms vs host checker user roles

From my understanding, a host checker applied at the realm level (require and enforce) will be checked before the user logs in, and one applied at the role level (evaluate) will be checked after user login. It's like "pass this policy and I will provide a chance to log in" (realm) and "pass this policy and I will provide you this role" (authorization).

One convenient scenario where a role-level host checker is used is when you would like to provide access (assign user roles) to somebody based on their compliance results, i.e. if you pass, get full access; if you fail, get limited/quarantined access.
Moderator

Re: Difference between host checker user realms vs host checker user roles

Is there a difference in the check used? No
Is it redundant to check for a machine certificate on both the realm & role? Maybe, but that is a call you & your security team need to make. Doing it at both allows you to check if it is present at the realm and have role mapping rules that allow or disallow access based on whether that certificate is present.

As far as the error goes: is it on all machines or only some? Does the connection in your connection set enable the machine store for the certificate?