Creating user-specific Access rules
You can use User and User Group elements as the source or destination of a rule to create user-specific rules.
You can optionally use the Forcepoint User ID Service, the McAfee Logon Collector, or the Integrated User ID Service with Engine to associate IP addresses with users in an Active Directory database. This makes it possible to use User and User Group elements as the source or destination of a rule to create user-specific rules without requiring user authentication. The Integrated User ID Service is primarily meant for demonstration purposes and proof-of-concept testing of user identification services.
Note: For Engine version 6.4 or higher, we recommend that you use the Forcepoint User ID Service.
User-specific rules do not replace user authentication; they are a tool to simplify the configuration of access control and to improve the end-user experience by allowing transparent access to services. They are intended to be used for trusted users in a trusted environment where strong authentication is not required. User-specific rules can be used together with user authentication rules to allow some user groups to access a service, while otherwise requiring authentication for the same service.