Cisco Web Security Appliance S360 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
 
Chapter 8: Identities
Creating Identities
Step 8
In the Identification and Authentication section, select one of these options:
  • No Identification or Authentication. The user is identified primarily by IP address. Go to .
  • Identify Users Transparently. The user is identified by the current IP address to user name mapping. This option is available when at least one authentication realm is defined that supports transparent user identification. Go to .
  • Identify Users Transparently through Cisco ASA Integration. The user is identified by the current IP address to user name mapping received from the Cisco adaptive security appliance (ASA). This option appears when Secure Mobility is enabled and integrates with a Cisco adaptive security appliance, and when Remote Users is selected in . Go to .
    Note: (For deployments with a Security Management appliance) When configuring Identities on a Security Management appliance, this option appears when a Web Security appliance with an authentication realm that supports transparent user identification has been added as a managed appliance.
  • Authenticate Users. The user is identified by the authentication credentials entered. This option appears when at least one authentication realm is defined. Go to .
Step 9
Configure the Identity to authenticate users:
a. In the Select a Realm or Sequence field, choose a defined authentication realm or sequence.
b. If you choose an NTLM authentication realm or sequence that contains an NTLM authentication realm, then choose an authentication scheme in the Select a Scheme field.
c. To grant guest access to users who fail authentication due to invalid credentials, select the Support Guest privileges check box. For more information, see .
   Note: You can specify individual authenticated users or groups of users when you use the Identity in a different type of policy group. For more information, see
d. Go to
Step 10
To configure the Identity to use transparent user identification:
a. In the Select a Realm or Sequence field, choose a defined authentication realm that supports transparent user identification, either an LDAP authentication realm that supports Novell eDirectory or an NTLM authentication realm that is enabled for transparent user identification. You can also choose a sequence that contains only realms that support transparent user identification.
b. Choose how to handle transactions when transparent user identification fails: either grant users guest access, or force an authentication prompt to appear to end users.
   Transparent user identification might fail if the Web Proxy cannot determine the user who is currently logged in from the specified IP address. That is, if the IP address is not in the IP address to user mapping.
c. Choose whether to allow the user guest access when a user is shown an authentication prompt due to failed transparent user identification and the user then fails authentication due to invalid credentials.
For more information on transparent user identification, see .