Cisco Cisco Web Security Appliance S690 사용자 가이드

To define authentication requirements for an Identity group, you can choose an 
authentication realm or sequence that applies to the Identity group. 

You can specify the authorized users when you use the Identity in a non-Identity 
policy group.

Consider the following rules and guidelines when creating and ordering Identity 
groups:

Identity group order. All Identity groups that do not require authentication 
must be above Identity groups that require authentication.

Cookie-based authentication. When the appliance is configured to use 
cookie-based authentication surrogates, it does not get cookie information 
from clients for HTTPS and FTP over HTTP requests. Therefore, it cannot get 
the user name from the cookie. How HTTPS and FTP over HTTP requests are 
matched against the Identity groups varies based on other factors. For more 
information, see 

Identity uniqueness. Verify the Identity group membership requirements are 
unique for each Identity group. If two Identity groups require the exact same 
membership, then client requests never match the lower Identity group. If any 
non-Identity policy uses the lower Identity group, client requests never match 
that policy.