Cisco Cisco Identity Services Engine 1.3
Description
Fallback to Authentication Realm or
Guest Privileges Options
Guest Privileges Options
Select a Realm or Sequence:
• authLDAP
• ntlmrealm
• All Realms
Authentication Surrogates:
• IP Address—The Web Proxy tracks an authenticated user at a particular IP
address. For TUI, select this option.
• Persistent Cookie—The Web Proxy tracks an authenticated user on a particular
application by generating a persistent cookie for each user per application. Closing
the application does not remove the cookie.
the application does not remove the cookie.
• Session Cookie—The Web Proxy tracks an authenticated user on a particular
application by generating a session cookie for each user per domain per
application. (However, when a user provides different credentials for the same
domain from the same application, the cookie is overwritten.) Closing the
application removes the cookie.
application. (However, when a user provides different credentials for the same
domain from the same application, the cookie is overwritten.) Closing the
application removes the cookie.
Require Authentication
No changes
Block Transactions
Create Identity Profiles for WSA Clients
You should create an identification profile for WSA Clients and assign guest privileges to users on the subnet 10.4.100.0/24.
Procedure
Step 1
Choose Web Security Manager > Identification Profiles > Add Identification Profile.
Step 2
In the Enable Identification Profile section, enter the required details.
Step 3
In the User Identification Method section, choose Transparently Identify Users with ISE and Support Guest Privileges.
Step 4
In the Membership Definition section, enter a subnet address, (for example, 10.4.100.0/24).
Step 5
In the Define Members by Protocol section, select the required option (for example, HTTP/HTTPS and Native FTP
options).
options).
Step 6
Step 7
Click Submit.
13