Cisco Cisco Web Security Appliance S160 Guía Del Usuario
8-23
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 8 Identities
Example Identity Policies Tables
Step 1
Create a new policy group or edit the membership of an existing policy group for Access, Decryption,
Routing, Data Security, or External DLP Policy.
Routing, Data Security, or External DLP Policy.
Step 2
Scroll down to the Identities and Users section.
Step 3
Choose one of the following options from the dropdown menu:
•
Select One or More Identities. This option allows you to configure specific Identity groups. Go to
step
step
•
All Identities. This option specifies all configured Identity groups. Go to step
.
Step 4
Under the Identity column, choose the Identity group to apply to this policy group.
Step 5
If you choose an Identity that requires authentication, you can specify which users are authorized for this
policy group. These users must authenticate. In the Authorized Users and Groups column, choose one
of the following options:
policy group. These users must authenticate. In the Authorized Users and Groups column, choose one
of the following options:
•
All authenticated users. You can configure the Identity in this policy group to apply to all
authenticated users in the Identity group by default. If the Identity group specifies an authentication
sequence, you can configure this policy group to apply to one authentication realm or all realms in
the sequence.
authenticated users in the Identity group by default. If the Identity group specifies an authentication
sequence, you can configure this policy group to apply to one authentication realm or all realms in
the sequence.
•
Selected Groups and Users. You can configure the Identity in this policy group to apply to specific
users. You can define users by group object or user object. Click the link for either Groups or Users,
and enter the group or user information on the page that opens.
When you add groups of users for an Identity using an NTLM authentication realm, the Edit Groups
page displays the first 500 matching entries, omitting built-in groups.
users. You can define users by group object or user object. Click the link for either Groups or Users,
and enter the group or user information on the page that opens.
When you add groups of users for an Identity using an NTLM authentication realm, the Edit Groups
page displays the first 500 matching entries, omitting built-in groups.
•
Guests (users failing authentication). If the Identity group allows guest access, you can configure
this policy group to apply to all users who fail to authenticate in this Identity. For more information,
see
this policy group to apply to all users who fail to authenticate in this Identity. For more information,
see
•
All users (authenticated and unauthenticated users). You can configure this policy group to apply
to every user in every Identity group. This option only appears when you choose All Identities.
When you apply the policy group to all users, you must specify at least one advanced option to
distinguish this policy group from the global policy.
to every user in every Identity group. This option only appears when you choose All Identities.
When you apply the policy group to all users, you must specify at least one advanced option to
distinguish this policy group from the global policy.
Step 6
(Optional) Add another Identity group to this policy group by clicking Add Identity.
You can add additional Identity groups if you configured specific Identity groups instead of All
Identities.
Identities.
Step 7
If you add another Identity group, repeat steps
through
.
Step 8
Submit and commit your changes.
Example Identity Policies Tables
This section shows some sample Identity groups defined in an Identity policies table and describes how
the Web Proxy evaluates different client requests using each Identity policies table.
the Web Proxy evaluates different client requests using each Identity policies table.