Creating user-specific Access rules
You can use User and User Group elements as the source or destination of a rule to create user-specific rules.
You can optionally use the Forcepoint User ID Service or the Integrated User ID Service with Secure SD-WAN to associate IP addresses
with users in an Active Directory database. This makes it possible to use User and User Group elements as the source or destination of a rule to create
user-specific rules without requiring user authentication. The Integrated User ID Service is primarily meant for demonstration purposes and
proof-of-concept testing of user identification services.
Note: For Secure SD-WAN version 6.4 or higher, we recommend that you use the Forcepoint User ID Service.
User-specific rules do not replace user authentication; they are a tool to simplify the configuration of access control, and improve the end-user experience by allowing transparent access to services. They are intended to be used for trusted users in a trusted environment where strong authentication is not required. User-specific rules can be used together with user authentication rules to allow some user groups to access a service, while otherwise requiring authentication for the same service.