Cisco Cisco Web Security Appliance S670 Guía Del Usuario
Chapter 7 Identities
Identifying Users Transparently
7-16
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Note
You can configure the Web Proxy to request authentication again if an
authenticated user is blocked from a website due to restrictive URL filtering. To
do this, enable the “Enable Re-Authentication Prompt If End User Blocked by
URL Category or User Session Restriction” global authentication setting. For
more information, see
authenticated user is blocked from a website due to restrictive URL filtering. To
do this, enable the “Enable Re-Authentication Prompt If End User Blocked by
URL Category or User Session Restriction” global authentication setting. For
more information, see
.
Identifying Users Transparently
Traditionally, users identified by an authentication user name are explicitly
prompted to enter a user name and password. The credentials the user enters are
then validated against an authentication server, and then the Web Proxy applies
the appropriate policies to the transaction based on the authenticated user name.
prompted to enter a user name and password. The credentials the user enters are
then validated against an authentication server, and then the Web Proxy applies
the appropriate policies to the transaction based on the authenticated user name.
However, you can configure the Web Security appliance so that it identifies users
by an authenticated user name transparently—that is, without prompting the end
user. You might want to do this to:
by an authenticated user name transparently—that is, without prompting the end
user. You might want to do this to:
•
Create a single sign-on environment so users are not aware of the presence of
a proxy on the network.
a proxy on the network.
•
Use authentication based policies to apply to transactions coming from client
applications that are incapable of displaying the authentication prompt to end
users.
applications that are incapable of displaying the authentication prompt to end
users.
Identifying users transparently only affects how the Web Proxy obtains the user
name and assigns an Identity group. After it obtains the user name and assigns an
Identity, it applies all other policies normally, regardless of how it assigned the
Identity.
name and assigns an Identity group. After it obtains the user name and assigns an
Identity, it applies all other policies normally, regardless of how it assigned the
Identity.
To identify users transparently, you must define at least one LDAP authentication
realm that supports Novell eDirectory.
realm that supports Novell eDirectory.
Note
You can also transparently identify remote users when using Secure Mobility
Solution. For more information, see
Solution. For more information, see
.