Policy selection by IP address
When the cloud service receives a web request, it first identifies the source of the request in order to find the user’s account. If the request comes from an IP address that is defined as a connection in a policy, the service identifies the account, and, by default, applies the settings in that policy.
If you wish, you can define additional policies with different connection addresses, which can apply enforcement to different parts of your organization (as identified by egress IP). This is an
easy way to apply different policy settings to different geographical offices, or network segments.
Tip: Using IP-based policy selection also allows users to browse anonymously, without
having to authenticate. If user authentication is not required by the policy, enforcement actions are applied to all traffic coming from the egress IP, but users are not individually identified,
and user-specific reporting data will not be available.
User authentication is always required for roaming users (those connecting from an unknown IP address), in order to identify the user’s account and ensure that the user is entitled to access the service. Add IP addresses to your policies in the cloud portal via , using the Connections tab.