Identity management
Registering your users via identity management is the most flexible and scalable option for user management.
We recommend that your synchronization includes:
- (Directory Synchronization) Users’ NTLM IDs: these can be used to transparently identify users without the need for users to manually log on. (Note: if NTLM IDs are not included in the synchronization, users must perform a one-time self registration process when they first connect to the cloud service.)
- Groups that will be useful for policy enforcement purposes - for example, if members of different departments will have different policy settings. You can configure the cloud service to assign
users to policies based on group membership, allowing you to manage policy assignment via your directory. You can also configure policy exceptions based on group membership.Note: Forcepoint recommends that you include the minimum number of groups required for policy enforcement. Including more groups than necessary can impact performance.
For advice on configuring identity management, see Planning for your first synchronization in the Web Security Cloud help.
Once you have synchronized your users and groups, assign groups to the relevant policy via the End Users tab of the policy.