Policy selection by user
In order to implement user- or group-level control of your organization’s web browsing, the service must be able to identify specific users when they request a web resource.
The process by which this occurs is as follows:
- When a web request is received from an IP address that is defined as a proxied connection in a policy, the service first identifies the account and policy using the source IP address, and by default applies this connection-based policy. (For connections from unknown IP addresses, see Working with remote users, page 23.)
- If the connection-based policy requires authentication (defined on the Access Control tab), the service will then identify the user.
- Once identified, if the user is found to be assigned to a different policy, the user’s policy overrides the connection-based policy, and settings from the user’s own policy are enforced.
In order for this to occur, users must be registered with the service, and user authentication must be configured in your policy. See the sections that follow:
- User registration methods
- User authentication methods