Cisco Cisco Web Security Appliance S370 Guia Do Utilizador

128

I R O N P O R T   A S Y N C O S   6 . 3   F O R   W E B   U S E R   G U I D E  

If they do not match, the Web Proxy compares the client request to the next Identity group. It 
continues this process until it matches the client request to a user defined Identity group, or if 
it does not match a user defined Identity group, it matches the global Identity policy. When 
the Web Proxy matches the client request to an Identity group or the global Identity policy, it 
assigns the Identity group to the transaction.

If at any time during the comparison process the user fails authentication, the Web Proxy 
terminates the request. For more information about how authentication works with Identity 
groups, see “How Authentication Affects Identity Groups” on page 128.

After the Web Proxy assigns an Identity to a client request, it evaluates the request against the 
other policy group types. For more information, see the following locations:

• “Evaluating Access Policy Group Membership” on page 152

• “Evaluating Decryption Policy Group Membership” on page 201

• “Evaluating Routing Policy Group Membership” on page 173

• “Evaluating Data Security and External DLP Policy Group Membership” on page 219

Requiring authentication for users can help your organization control access to the web for 
groups of users. AsyncOS allows you to create multiple Identity groups and define the 
membership criteria based on authentication requirements.

When authentication is required for an Identity group, a gold key icon appears next to the 
Identity group name in the Policies table, as shown in Figure 7-1.

Figure 7-1 Identity Groups that Require Authentication

To define authentication requirements for an Identity group, you can choose an 
authentication realm or sequence that applies to the Identity group. 

Note — You can specify the authorized users when you use the Identity in a non-Identity 
policy group.