Cisco Web Security Appliance S170 User Guide
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 15 Achieving Secure Mobility
Transparently Identifying Remote Users
When the Web Security appliance integrates with a Cisco adaptive security appliance, you can configure
it to identify users by an authenticated user name transparently—that is, without prompting the end user.
You might want to do this to achieve single sign-on for remote users.
Note
You can also identify users transparently using Novell eDirectory and Active Directory. For more
information, see
To configure transparent user identification for remote users:
Step 1  Enable Secure Mobility Solution on the Security Services > AnyConnect Secure Mobility page.
For more information, see
.
Step 2  Create an Identity group that applies to remote users:
  a. In the “Define Members by User Location” section, select Remote Users Only.
  b. In the “Define Members by Authentication” section, select “Identify Users Transparently through
     Cisco ASA Integration.”
  c. Configure all other Identity options as desired.
For more information on creating Identities, see
Step 3  Create policies that use the Identity for remote users.
Logging
The access logs indicate whether each transaction was made by a local or remote user. You can also add
the same custom format specifier (%l) to the existing access logs, or you can add the equivalent W3C
field (auth-user-type) to the W3C access logs.
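The following is an added example, not taken from the Cisco guide: it parses a W3C-format access log that includes the auth-user-type field, counts transactions per user type, and lists remote transactions that carry no user name, which is where transparent identification did not resolve a user. The sample log is constructed; the other field names (c-ip, cs-username, cs-url) and the values "local", "remote" and "-" are assumptions about the log subscription.

```python
from collections import Counter

# Constructed sample. Only auth-user-type comes from the guide; the other
# field names and the values "local"/"remote"/"-" are assumptions.
SAMPLE_LOG = """\
#Fields: timestamp c-ip cs-username auth-user-type cs-url
1331700000.101 10.1.1.20 alice local http://intranet.example/
1331700003.440 192.0.2.15 bob remote http://www.example.com/
1331700007.912 192.0.2.77 - remote http://www.example.org/
1331700009.005 10.1.1.31 - local http://www.example.net/
truncated-line
"""

def parse_w3c(text):
    """Return (records, malformed_count); records are dicts keyed by #Fields names."""
    fields, records, malformed = None, [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # A later #Fields directive re-maps the columns that follow it.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            malformed += 1  # data before #Fields, or a truncated line
            continue
        records.append(dict(zip(fields, values)))
    return records, malformed

def summarize(records):
    """Count transactions per user type and list remote ones with no user name."""
    if any("auth-user-type" not in r for r in records):
        raise KeyError("auth-user-type is not among the logged fields")
    by_type = Counter(r["auth-user-type"] for r in records)
    unidentified = [r for r in records
                    if r["auth-user-type"] == "remote"
                    and r.get("cs-username", "-") == "-"]
    return by_type, unidentified

if __name__ == "__main__":
    recs, bad = parse_w3c(SAMPLE_LOG)
    counts, missing = summarize(recs)
    print(dict(counts), "malformed lines:", bad)
    for r in missing:
        print("remote transaction without user name:", r["c-ip"], r["cs-url"])
```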
In addition to the access logs, the Web Security appliance provides the following logs for
troubleshooting potential Secure Mobility Solution issues.
• User Discovery Service (UDS) log. The UDS log records data about how the Web Proxy discovers
  the user name without doing actual authentication. It includes information about interacting with the
  Cisco adaptive security appliance for Secure Mobility Solution as well as integrating with the Novell
  eDirectory server for transparent user identification.
• AnyConnect Secure Mobility Daemon log. The AnyConnect Secure Mobility Daemon log records
  the interaction between the Web Security appliance and the AnyConnect client, including the status
  check.