Cisco Cisco Web Security Appliance S390 Betriebsanweisung

Using authentication surrogates, after a user authenticates once during a session, you can track 
credentials for reuse throughout that session rather than having the user authenticate for each new 
request. Authentication surrogates may be based on the IP address of the user’s workstation or on a 
cookie that is assigned to the session.

If authentication fails for accepted reasons, such as incompatible client applications, you can grant guest 
access. 

If authentication succeeds but authorization fails, it is possible to allow re-authentication using a 
different set of credentials that may be authorized to access the requested resource.

Authentication realms define the details required to contact the authentication servers and specify which 
authentication scheme to use when communicating with clients. AsyncOS supports multiple 
authentication realms. Realms can also be grouped into authentication sequences that allow users with 
different authentication requirements to be managed through the same policies.

Ensure the appliance is configured in Standard mode (not Cloud Connector Mode).

Prepare the Active Directory Server.