Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 15 Achieving Secure Mobility
Transparently Identifying Remote Users
When the Web Security appliance integrates with a Cisco adaptive security appliance, you can configure 
it to identify users by an authenticated user name transparently—that is, without prompting the end user. 
You might want to do this to achieve single sign-on for remote users.
Note: You can also identify users transparently using Novell eDirectory and Active Directory. For more 
information, see 
To configure transparent user identification for remote users:
Step 1  Enable Secure Mobility Solution on the Security Services > AnyConnect Secure Mobility page. 
        For more information, see .
Step 2  Create an Identity group that applies to remote users:
        a. In the “Define Members by User Location” section, select Remote Users Only.
        b. In the “Define Members by Authentication” section, select “Identify Users Transparently through 
           Cisco ASA Integration.” 
        c. Configure all other Identity options as desired.
        For more information on creating Identities, see 
Step 3  Create policies that use the Identity for remote users. 
Logging
The access logs indicate whether each transaction was made by a local or remote user. You can also add 
the same custom format specifier (%l) to the existing access logs, or you can add the equivalent W3C 
field (auth-user-type) to the W3C access logs.
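As an added example (not from the Cisco guide), the following Python sketch reads a W3C access log that includes the auth-user-type field, counts transactions by user type, and lists remote transactions that carry no user name, which is a quick check that transparent identification is working. The sample lines are constructed; the other field names, the values "local" and "remote", and "-" for an empty user name are assumptions.

```python
from collections import Counter

# Constructed sample log. Only auth-user-type comes from the guide; the other
# field names, the "local"/"remote" values and "-" for an empty user name are
# assumptions made for this illustration.
SAMPLE_LOG = """\
#Fields: timestamp c-ip cs-username auth-user-type cs-url
1700000001 10.1.1.20 alice@example.com local http://intranet.example/
1700000002 192.0.2.44 bob@example.com remote http://www.example.com/
1700000003 192.0.2.45 - remote http://www.example.org/
1700000004 192.0.2.44 bob@example.com remote http://www.example.net/
"""

def parse_w3c(text):
    """Yield one dict per record, named by the most recent #Fields directive."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        if not line or fields is None:
            continue  # blank line, or data before any #Fields directive
        values = line.split()  # assumes field values contain no spaces
        if len(values) == len(fields):  # skip truncated or malformed records
            yield dict(zip(fields, values))

def summarize(text, user_field="cs-username", empty="-"):
    """Return (counts per user type, remote records that have no user name)."""
    counts, unidentified = Counter(), []
    for rec in parse_w3c(text):
        if "auth-user-type" not in rec:
            raise KeyError("auth-user-type is not in this log's #Fields list")
        user_type = rec["auth-user-type"].lower()
        counts[user_type] += 1
        if user_type == "remote" and rec.get(user_field, empty) == empty:
            unidentified.append(rec)
    return counts, unidentified

if __name__ == "__main__":
    counts, unidentified = summarize(SAMPLE_LOG)
    print(dict(counts))
    for rec in unidentified:
        print("remote transaction without user name:", rec["c-ip"], rec["cs-url"])
```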
In addition to the access logs, the Web Security appliance provides the following logs for 
troubleshooting potential Secure Mobility Solution issues.
  • User Discovery Service (UDS) log. The UDS log records data about how the Web Proxy discovers 
    the user name without doing actual authentication. It includes information about interacting with the 
    Cisco adaptive security appliance for Secure Mobility Solution as well as integrating with the Novell 
    eDirectory server for transparent user identification.
  • AnyConnect Secure Mobility Daemon log. The AnyConnect Secure Mobility Daemon log records 
    the interaction between the Web Security appliance and the AnyConnect client, including the status 
    check.