Use case

This describes a case in which an organization with a single domain wants to authenticate requests from 2 common web browsers. They also want to bypass authentication for web applications that do not support authentication.

An organization—let’s call it Best Corp—uses Content Gateway. They have one domain (BCORP), and one domain controller. They use IWA to authenticate users.

Best Corp wants to ensure that:

  • Requests from common web browsers are authenticated. They control which web browsers are allowed on their computers.
  • Web applications that don’t support authentication bypass authentication. The User-Agent feature of rule-based authentication makes this possible.

To configure the solution, Best Corp:

Steps

  1. Enables Rule-Based Authentication.
  2. Adds the BCORP domain to the Domains list.
  3. Creates an IWA rule that:
    1. Optionally, specifies the supported client IP address ranges.
    2. Specifies, by User-Agent value, the web browsers to authenticate.

      In the User-Agent field, they use the Predefined drop-down list to select and Add Internet Explorer and Firefox. The resulting regex looks like:

      MSIE.*|Firefox.*

    That’s it. With this configuration, all requests from Internet Explorer and Firefox, the only 2 browsers that can be installed on their computers, are subject to user authentication. All other requests, most notably those from web applications, bypass authentication.

    To further customize the approach, Best Corp could create other authentication rules and/or add proxy filtering rules (filter.config) to deny or bypass specific applications by User-Agent value.
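
To check what such a rule covers in practice, the following added example (not part of the product documentation) applies the expression above to a constructed sample of requests and lists every User-Agent value that would bypass authentication. It assumes the expression is applied as an unanchored, case-sensitive search; the sample entries and the name ExampleUpdater are hypothetical.

```python
import re
from collections import Counter

# The rule's User-Agent expression, copied from the page.
IWA_RULE_UA = re.compile(r"MSIE.*|Firefox.*")

# Constructed sample of (client IP, User-Agent) pairs, standing in for
# values pulled from proxy logs. ExampleUpdater is a hypothetical application.
SAMPLE_REQUESTS = [
    ("10.0.0.11", "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"),
    ("10.0.0.12", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:115.0) "
                  "Gecko/20100101 Firefox/115.0"),
    # Internet Explorer 11's default string carries no "MSIE" token.
    ("10.0.0.13", "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"),
    ("10.0.0.14", "ExampleUpdater/2.3"),
    ("10.0.0.14", "ExampleUpdater/2.3"),
    ("10.0.0.15", "curl/8.4.0"),
    ("10.0.0.16", None),  # request sent without a User-Agent header
]


def decision(user_agent):
    """Return 'authenticate' if the IWA rule matches, otherwise 'bypass'."""
    # Assumption: unanchored, case-sensitive search over the header value.
    if IWA_RULE_UA.search(user_agent or ""):
        return "authenticate"
    return "bypass"


def bypass_report(requests):
    """Count each User-Agent value that bypasses, most frequent first."""
    counts = Counter(
        ua or "<no User-Agent>" for _, ua in requests if decision(ua) == "bypass"
    )
    return counts.most_common()


if __name__ == "__main__":
    # Each line is a client type that reaches the proxy unauthenticated
    # and should map to a known, approved application.
    for ua, hits in bypass_report(SAMPLE_REQUESTS):
        print(f"{hits:3d}  {ua}")
```

Any value in the report that does not correspond to an approved application is a candidate for an additional authentication rule or a filter.config entry, as described above.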