Cisco Cisco Web Security Appliance S670 User Guide
8-26
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 8 Identities
Example Identity Policies Tables
Step 4
Create two user defined policy groups of the same type, such as Access Policies, and configure them
both to use the Identity group with the authentication sequence you defined in step
both to use the Identity group with the authentication sequence you defined in step
Step 5
Configure the first policy group to only apply to users in one realm, such as RealmA. You can do this by
specifying a particular realm in the sequence, or by using authentication groups, or entering specific
usernames.
specifying a particular realm in the sequence, or by using authentication groups, or entering specific
usernames.
Step 6
Configure the second policy group to only apply to users in the other realm, such as RealmB. You can
do this by specifying a particular realm in the sequence, or by using authentication groups, or entering
specific usernames.
do this by specifying a particular realm in the sequence, or by using authentication groups, or entering
specific usernames.
When you configure the appliance in this way, any client that sends a request for a URL must exist in
either realm in the sequence (RealmA or RealmB) in order to pass authentication at the Identity level.
Once an Identity has been assigned to the client request, the Web Proxy can compare the client request
against the other policy types and determine which policy group, such as an Access Policy group, to
match and then apply those control settings. In this example, the Web Proxy matches users in RealmA
with the policy group configured in step
either realm in the sequence (RealmA or RealmB) in order to pass authentication at the Identity level.
Once an Identity has been assigned to the client request, the Web Proxy can compare the client request
against the other policy types and determine which policy group, such as an Access Policy group, to
match and then apply those control settings. In this example, the Web Proxy matches users in RealmA
with the policy group configured in step
, and matches users in RealmB with the policy group
configured in step