Cisco Cisco Web Security Appliance S160 Guía Del Usuario
5-2
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Chapter 5 Acquire End-User Credentials
Authentication Best Practices
Authentication Task Overview
Authentication Best Practices
•
Create as few Active Directory realms as is practical. Multiple Active Directory realms require
additional memory usage for authentication.
additional memory usage for authentication.
•
If using NTLMSSP, authenticate users using either the Web Security appliance or the upstream
proxy server, but not both. (Recommend Web Security appliance)
proxy server, but not both. (Recommend Web Security appliance)
•
If using Kerberos, authenticate using the Web Security appliance.
•
For optimal performance, authenticate clients on the same subnet using a single realm.
Credentials
Authentication credentials are obtained from users by either prompting them to enter their credentials
through their browsers, or another client application, or by obtaining the credentials transparently from
another source.
through their browsers, or another client application, or by obtaining the credentials transparently from
another source.
•
•
•
Configuring Single-Sign-on
Obtaining credentials transparently facilitates a single-sign-on environment. Transparent user
identification is an authentication realm setting.
identification is an authentication realm setting.
Step
Task
Links to Related Topics and Procedures
1.
Create an authentication realm.
•
•
2.
Configure global authentication settings.
•
3.
Configure external authentication.
•
4.
(Optional) Create and order additional authentication
realms.
realms.
Create at least one authentication realm for each
authentication protocol and scheme combination you plan
to use.
authentication protocol and scheme combination you plan
to use.
•
5.
(Optional) Configure credential encryption.
•
6.
Create identities to classify users and client software
based on authentication requirements.
based on authentication requirements.
•
7.
Create policies to manage web requests from the users
and user groups for which you created identities.
and user groups for which you created identities.
•