Cisco Cisco Web Security Appliance S670 User Guide
142
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
C O N F I G U R I N G I D E N T I T I E S I N O T H E R PO L I C Y G R O U P S
Every non-Identity policy group specifies at least one Identity group as part of its policy group
membership. You can configure a non-Identity policy group to use multiple Identity groups,
and you can specify which users or groups of users are authorized to access the web using the
policy group.
membership. You can configure a non-Identity policy group to use multiple Identity groups,
and you can specify which users or groups of users are authorized to access the web using the
policy group.
You might want to specify multiple Identity groups in a policy group under the following
circumstances:
circumstances:
• You have an Identity group defined for HTTP transactions and another Identity group
defined for native FTP transactions. You can create a single non-Identity policy group that
applies to both HTTP and native FTP transactions
applies to both HTTP and native FTP transactions
• Separate Identity groups are defined for each authentication realm. You want to create one
Access Policy group that defines the same access control settings for users in multiple
authentication realms.
authentication realms.
Note — You can also specify All Identities and configure the authenticated users.
Figure 7-4 shows a policy group that uses multiple Identities.
Figure 7-4 Multiple Identities in a Policy Group
This Identity uses an authentication sequence and this policy group
applies to one realm in the sequence.
applies to one realm in the sequence.
All authenticated users in this Identity are authorized for this
policy group.
policy group.
The specified user groups in this Identity are authorized for this
policy group.
policy group.