When hybrid users are not identified
With the Hybrid Module, when users are not identified or authenticated transparently, only 3 types of policies can be applied to requests:
- The policy applied to the external IP address from which the user connects. This IP address must be defined as a filtered location.
- Your organization’s Default policy, if the request originates from outside a filtered location, or if no computer or network policy has been applied to the filtered location.
- The hybrid service Default policy, if the user’s connection cannot be associated with your organization.
This is a rare case, that should occur only if there is a configuration problem with your hybrid service account.
User and group policies cannot be applied to self-registered users. Self-registered users always receive the Default policy (see Off-site user self-registration).