Cisco Cisco Web Security Appliance S670 User Guide

5-11

AsyncOS 8.7 for Cisco Web Security Appliances User Guide

Chapter 5 Acquire End-User Credentials

Authentication Realms

•

Creating an Active Directory Authentication Realm (NTLMSSP and Basic), page 5-14

•

Creating an LDAP Authentication Realm, page 5-16

•

About Deleting Authentication Realms, page 5-20

•

Configuring Global Authentication Settings, page 5-20

Related Topics

•

RADIUS User Authentication, page 22-8

•

Authentication Sequences, page 5-25

External Authentication

You can authenticate users through an external LDAP or RADIUS server.

Configuring External Authentication through an LDAP Server

Before You Begin

•

Create an LDAP authentication realm and configure it with one or more external authentication
queries.

Creating an LDAP Authentication Realm, page 5-16

Procedure

Step 1

Enable external authentication on the appliance:

Navigate to System Administration > Users.

Click Enable in the External Authentication section.

Configure the options:

Step 2

Submit and commit your changes.

Enabling RADIUS External Authentication

See

Enabling External Authentication Using RADIUS, page 22-8

Option

Description

Enable External Authentication

—

Authentication Type

Select LDAP.

External Authentication Cache Timeout

The number of seconds AsyncOS stores the external
authentication credentials before contacting the LDAP
server again to re-authenticate. Default is zero (0).

LDAP External Authentication Query

A query configured with the LDAP realm.

Timeout to wait for valid response
from server.

The number of seconds AsyncOS waits for a response to
the query from the server.

Group Mapping

For each group name in the directory, assign a role.