Cisco Cisco Web Security Appliance S690 User Guide

5-11

AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide

Chapter 5 Acquire End-User Credentials

Authentication Realms

Related Topics

•

RADIUS User Authentication, page 22-8

•

Authentication Sequences, page 5-26

External Authentication

You can authenticate users through an external LDAP or RADIUS server.

Configuring External Authentication through an LDAP Server

Before You Begin

•

Create an LDAP authentication realm and configure it with one or more external authentication
queries.

Creating an LDAP Authentication Realm, page 5-16

Step 1

Enable external authentication on the appliance:

Navigate to System Administration > Users.

Click Enable in the External Authentication section.

Configure the options:

Step 2

Submit and commit your changes.

Enabling RADIUS External Authentication

See

Enabling External Authentication Using RADIUS, page 22-9

Creating an Active Directory Realm for Kerberos Authentication Scheme

Before You Begin

•

Ensure the appliance is configured in Standard mode (not Cloud Connector Mode).

•

Prepare the Active Directory Server.

Option

Description

Enable External Authentication

—

Authentication Type

Select LDAP.

External Authentication Cache Timeout

The number of seconds AsyncOS stores the external
authentication credentials before contacting the LDAP
server again to re-authenticate. Default is zero (0).

LDAP External Authentication Query

A query configured with the LDAP realm.

Timeout to wait for valid response
from server.

The number of seconds AsyncOS waits for a response to
the query from the server.

Group Mapping

For each group name in the directory, assign a role.