Cisco Cisco Web Security Appliance S170 Guía Del Usuario
Chapter 7 Identities
Evaluating Identity Group Membership
7-4
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
The Web Proxy sequentially reads through each Identity group in the Identity
policies table. It compares the client request status to the membership criteria of
the first Identity group. If they match, the Web Proxy assigns the Identity group
to the transaction.
policies table. It compares the client request status to the membership criteria of
the first Identity group. If they match, the Web Proxy assigns the Identity group
to the transaction.
If they do not match, the Web Proxy compares the client request to the next
Identity group. It continues this process until it matches the client request to a user
defined Identity group, or if it does not match a user defined Identity group, it
matches the global Identity policy. When the Web Proxy matches the client
request to an Identity group or the global Identity policy, it assigns the Identity
group to the transaction.
Identity group. It continues this process until it matches the client request to a user
defined Identity group, or if it does not match a user defined Identity group, it
matches the global Identity policy. When the Web Proxy matches the client
request to an Identity group or the global Identity policy, it assigns the Identity
group to the transaction.
If at any time during the comparison process the user fails authentication, the Web
Proxy terminates the request. For more information about how authentication
works with Identity groups, see
Proxy terminates the request. For more information about how authentication
works with Identity groups, see
After the Web Proxy assigns an Identity to a client request, it evaluates the request
against the other policy group types. For more information, see the following
locations:
against the other policy group types. For more information, see the following
locations:
•
•
•
•
Understanding How Authentication Affects Identity Groups
Requiring authentication for users can help your organization control access to
the web for groups of users. AsyncOS allows you to create multiple Identity
groups and define the membership criteria based on authentication requirements.
the web for groups of users. AsyncOS allows you to create multiple Identity
groups and define the membership criteria based on authentication requirements.
When authentication is required for an Identity group, a gold key icon appears
next to the Identity group name in the Policies table, as shown in
next to the Identity group name in the Policies table, as shown in