Working with remote users
Forcepoint Web Security Cloud can protect and monitor users even when they are not in their typical office location, such as when working from home, connecting from a public access point, or using a third-party network. This section describes how Forcepoint Web Security Cloud handles roaming users connecting from a location other than their network domain.
When the cloud service receives a URL request, it first checks the source IP address of the request and searches all customer policies for a matching address. (The source IP address is configured
as a connection in a policy’s Connections tab in the cloud portal.) For roaming users, no match will be found. In this situation, the roaming user encounters one of the
following scenarios:
- If the user’s device has Neo, Classic Proxy Connect endpoint, or Classic Direct Connect endpoint installed, the endpoint client sends account and user information, allowing the service to identify the user seamlessly.
- If you have deployed single sign-on for your users, the roaming user is first asked to enter an email address, in order to identify the user’s account, and is then authenticated by the identity provider. (Users are typically only required to enter an email address once; following a successful authentication, a long-lived cookie is set, allowing the service to recognize the user's account.)
- If neither Forcepoint Web Security Endpoint nor single sign-on is in use, and the service cannot find the source IP address in a policy, it responds with a logon page that states: “You are
connecting from an unrecognized location.” The user has to log on with their cloud service details. The service then searches for the user in its policies. When it finds the user, the appropriate
policy settings are applied.
In order to log on, the user has to be registered. If they have not already set a password to access the service, roaming users can go through a one-time self- registration process. See User registration methods, page 20.
Note: Some browsers can exhibit inconsistent behavior in certain circumstances, such as when used in public Internet access points in hotels and airports. For more information on configuring and troubleshooting access for roaming users, see Using cloud web protection from public Internet access points on the Forcepoint Support website.