Cisco Web Security Appliance S160 User Guide

Cisco AsyncOS for Web User Guide
 
Chapter 6      Acquire End-User Credentials
Authentication Task Overview

Step  Task                                                          Links to Related Topics and Procedures
1.    Create an authentication realm.
2.    Configure global authentication settings.
3.    (Optional) Create and order additional authentication realms.
      Create at least one authentication realm for each
      authentication protocol and scheme combination you plan to use.
4.    (Optional) Configure credential encryption.
5.    Create identities to classify users and client software based
      on authentication requirements.
6.    Create policies to manage web requests from the users and user
      groups for which you created identities.

Authentication Best Practices

- Create as few Active Directory realms as is practical. Multiple Active Directory realms require
  additional memory usage for authentication.
- If using NTLMSSP, authenticate users using either the Web Security appliance or the upstream
  proxy server, but not both. (The Web Security appliance is recommended.)
- If using Kerberos, authenticate using the Web Security appliance.
- For optimal performance, authenticate clients on the same subnet using a single realm.

Credentials

Authentication credentials are obtained from users either by prompting them to enter their credentials
through their browser or another client application, or by obtaining the credentials transparently from
another source.

Configuring Single-Sign-on

Obtaining credentials transparently facilitates a single-sign-on environment. Transparent user
identification is an authentication realm setting.