Cisco Cisco Web Security Appliance S670 User Guide
Chapter 7 Identities
Configuring Identities in Other Policy Groups
7-28
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Configuring Identities in Other Policy Groups
Every non-Identity policy group specifies at least one Identity group as part of its
policy group membership. You can configure a non-Identity policy group to use
multiple Identity groups, and you can specify which users or groups of users are
authorized to access the web using the policy group.
policy group membership. You can configure a non-Identity policy group to use
multiple Identity groups, and you can specify which users or groups of users are
authorized to access the web using the policy group.
You might want to specify multiple Identity groups in a policy group under the
following circumstances:
following circumstances:
•
You have an Identity group defined for HTTP transactions and another
Identity group defined for native FTP transactions. You can create a single
non-Identity policy group that applies to both HTTP and native FTP
transactions
Identity group defined for native FTP transactions. You can create a single
non-Identity policy group that applies to both HTTP and native FTP
transactions
•
Separate Identity groups are defined for each authentication realm. You want
to create one Access Policy group that defines the same access control
settings for users in multiple authentication realms.
to create one Access Policy group that defines the same access control
settings for users in multiple authentication realms.
Note
You can also specify All Identities and configure the authenticated users.
shows a policy group that uses multiple Identities.