Cisco Cisco Web Security Appliance S190 Guía Del Usuario
8-18
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 8 Identities
Creating Identities
Creating Identities
You can create Identities based on combinations of several criteria, such as client subnet or the URL
category of the destination site. You must define at least one criterion for Identity membership. When
you define multiple criteria, the client request must meet all criteria to match the Identity.
category of the destination site. You must define at least one criterion for Identity membership. When
you define multiple criteria, the client request must meet all criteria to match the Identity.
For more information about how the Web Proxy matches a client request with an Identity, see
and
.
You define Identity group membership on the Web Security Manager > Identities page.
Note
Deleting an authentication realm or sequence disables Identities that depend on the deleted realm or
sequence.
sequence.
Step 1
Navigate to the Web Security Manager > Identities page.
Step 2
Click Add Identity.
Step 3
Enter a name for the Identity group and an optional description.
Note
Each Identity group name must be unique and only contain alphanumeric characters or the space
character.
character.
Step 4
In the Insert Above field, choose where in the policies table to place the Identity group.
When configuring multiple Identity groups, specify a logical order for each group. Carefully order your
Identity groups to ensure that correct matching occurs. Position groups that do not require authentication
above the first policy group that requires authentication. For more information about how authentication
affects Identity groups, see
Identity groups to ensure that correct matching occurs. Position groups that do not require authentication
above the first policy group that requires authentication. For more information about how authentication
affects Identity groups, see
Step 5
In the Define Members by User Location section, configure the Identity to apply to local users, remote
users, or both local and remote users.
users, or both local and remote users.
The setting chosen here affects the available authentication settings for this Identity.
Note
This section only appears when the Secure Mobility is enabled. For more information, see
.
Step 6
In the Define Members by Subnet field, enter the addresses to which this Identity should apply.
You can enter IP addresses, CIDR blocks, and subnets. Separate multiple addresses with commas.
Note
If you do not enter an address in this field, the Identity group applies to all IP addresses. For
example, if you configure the Identity to require authentication, but do not define any other
settings, then the Identity acts similarly to the Default Identity Policy with authentication
required.
example, if you configure the Identity to require authentication, but do not define any other
settings, then the Identity acts similarly to the Default Identity Policy with authentication
required.
Step 7
In the Define Members by Protocol section, choose to which protocols this Identity should apply.
Note
HTTP/HTTPS Only applies to all requests that use HTTP or HTTPS as the underlying protocol,
including FTP over HTTP and any other protocol tunneled using HTTP CONNECT.
including FTP over HTTP and any other protocol tunneled using HTTP CONNECT.