Cisco Cisco Web Security Appliance S690 User Guide

5-11

AsyncOS 9.0 for Cisco Web Security Appliances User Guide

Chapter 5 Acquire End-User Credentials

Authentication Realms

Authentication realms define the details required to contact the authentication servers and specify which
authentication scheme to use when communicating with clients. AsyncOS supports multiple
authentication realms. Realms can also be grouped into authentication sequences that allow users with
different authentication requirements to be managed through the same policies.

•

External Authentication, page 5-11

•

Creating an Active Directory Realm for Kerberos Authentication Scheme, page 5-12

•

Creating an Active Directory Authentication Realm (NTLMSSP and Basic), page 5-14

•

Creating an LDAP Authentication Realm, page 5-16

•

About Deleting Authentication Realms, page 5-21

•

Configuring Global Authentication Settings, page 5-21

Related Topics

•

RADIUS User Authentication, page 22-8

•

Authentication Sequences, page 5-26

External Authentication

You can authenticate users through an external LDAP or RADIUS server.

Configuring External Authentication through an LDAP Server

Before You Begin

•

Create an LDAP authentication realm and configure it with one or more external authentication
queries.

Creating an LDAP Authentication Realm, page 5-16

Procedure

Step 1

Enable external authentication on the appliance:

Navigate to System Administration > Users.

Click Enable in the External Authentication section.

Configure the options:

Option

Description

Enable External Authentication

—

Authentication Type

Select LDAP.

External Authentication Cache Timeout

The number of seconds AsyncOS stores the external
authentication credentials before contacting the LDAP
server again to re-authenticate. Default is zero (0).

LDAP External Authentication Query

A query configured with the LDAP realm.