Rule-based authentication configuration summary

Steps

  1. If Content Gateway is an explicit proxy and you want to bring traffic in on multiple ports, specify the ports on the Configure > Protocol > HTTP tab.
    Important: You must also configure your clients to use the correct port.
  2. Configure Global authentication options (Configure > Security > Access Control > Global Authentication Options).
  3. Create a domain list (Configure > Security > Access Control > Domains).
    • To specify a domain in a rule, it must be a member of the Domain List.
    • Active Directory domains used with IWA must be joined.

    Handling of unknown users:

    In rule-based authentication, Content Gateway may authenticate users that are outside the User Service primary domain. In these cases, Content Gateway can be configured to send an “alias” user name that User Service knows about. Or, you can send no name, in which case standard Filtering Service precedence is applied to determine the correct policy. (See Enforcement order in Administrator Help for the Web module.) This specification is made for each domain in the Domain list.

    For more information, see Unknown users and the ‘alias’option, below.

  4. Create authentication rules (Configure > Security > Access Control > Authentication Rules).
  5. Restart Content Gateway to make the new rules take effect.