Cisco Cisco Web Security Appliance S160 Guía Del Usuario
8-22
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 8 Identities
Configuring Identities in Other Policy Groups
Configuring Identities in Other Policy Groups
Every non-Identity policy group specifies at least one Identity group as part of its policy group
membership. You can configure a non-Identity policy group to use multiple Identity groups, and you can
specify which users or groups of users are authorized to access the web using the policy group.
membership. You can configure a non-Identity policy group to use multiple Identity groups, and you can
specify which users or groups of users are authorized to access the web using the policy group.
You might want to specify multiple Identity groups in a policy group under the following circumstances:
•
You have an Identity group defined for HTTP transactions and another Identity group defined for
native FTP transactions. You can create a single non-Identity policy group that applies to both HTTP
and native FTP transactions
native FTP transactions. You can create a single non-Identity policy group that applies to both HTTP
and native FTP transactions
•
Separate Identity groups are defined for each authentication realm. You want to create one Access
Policy group that defines the same access control settings for users in multiple authentication
realms.
Policy group that defines the same access control settings for users in multiple authentication
realms.
Note
You can also specify All Identities and configure the authenticated users.
shows a policy group that uses multiple Identities.
Figure 8-5
Multiple Identities in a Policy Group
Note
If an Identity group becomes disabled, then that Identity group is removed (not disabled) from any
non-Identity policy group that used it. If the Identity group becomes enabled again, the non-Identity
policy groups that previously used the Identity do not automatically include the enabled Identity. Identity
groups become disabled due to a deleted authentication realm or sequence.
non-Identity policy group that used it. If the Identity group becomes enabled again, the non-Identity
policy groups that previously used the Identity do not automatically include the enabled Identity. Identity
groups become disabled due to a deleted authentication realm or sequence.
This Identity uses an authentication sequence and this policy group
applies to one realm in the sequence.
applies to one realm in the sequence.
Authentication is not used for this Identity.
This Identity allows guest access and applies to users who fail
authentication.
authentication.
The specified user groups in this Identity are authorized for this policy
group.
group.