To control web traffic on the network and protect your network from web based threats, the Web Proxy
needs to identify who is trying to access the web. Users can be identified by different criteria, such as
their machine address or authenticated user name. The Web Proxy can apply different actions to
transactions based on who is submitting the request.

To identify who is accessing the web, you create Identities in the Web Security appliance. An Identity is
a policy that identifies and groups users. An Identity addresses the question, “who are you?”

Identities are the only policy where you define whether or not authentication is required to access the
web. However, Identities do not specify a list of users who are authorized (allowed) to access the web.
You specify authorized users in the other (non-Identity) policy types.

All other policy types use an Identity as the basis to determine which policy group applies to the
transaction. That means you can create a single Identity and use it multiple times in the non-Identity
policy groups.

You might want to group the following types of users or machines:

•

A group of machine addresses in a test lab. You can create a Routing Policy with this Identity so
requests from these machines are fetched directly from the destination server.

•

All authenticated users based on the All Realms authentication sequence. You can create a
single Access Policy using this Identity, or you can create a different Access Policy for each
authentication realm and configure different control settings for users in each realm.