Creating user-specific Access rules

You can use User and User Group elements as the source or destination of a rule to create user-specific rules.

You can optionally use the Forcepoint User ID Service or the Integrated User ID Service with Secure SD-WAN to associate IP addresses with users in an Active Directory database. This makes it possible to use User and User Group elements as the source or destination of a rule to create user-specific rules without requiring user authentication. The Integrated User ID Service is primarily meant for demonstration purposes and proof-of-concept testing of user identification services.

Note: For Secure SD-WAN version 6.4 or higher, we recommend that you use the Forcepoint User ID Service.

User-specific rules do not replace user authentication; they are a tool to simplify the configuration of access control, and improve the end-user experience by allowing transparent access to services. They are intended to be used for trusted users in a trusted environment where strong authentication is not required. User-specific rules can be used together with user authentication rules to allow some user groups to access a service, while otherwise requiring authentication for the same service.