Identifying on-premises users transparently
In general, transparent identification describes any method used to identify users in your directory service without prompting them for logon information. This includes any of the optional transparent identification agents available when user requests are managed by on-premises web protection software.
- DC Agent is used with a Windows-based directory service. The agent can be configured to subscribe to successful login events tracked by domain controllers, or to periodically query domain controllers for user logon sessions and poll client machines to verify logon status. It runs on a Windows server and can be installed in any domain in the network.
- Logon Agent identifies users as they log on to Windows domains. The agent runs on a Linux or Windows server, and its associated logon application runs on Windows or Mac clients.
- RADIUS Agent can be used in conjunction with either Windows- or LDAP-based directory services. The agent works with a RADIUS server and client to identify users logging on from remote locations.
- eDirectory Agent is used with Novell eDirectory. The agent uses Novell eDirectory authentication to map users to IP addresses.
Agents can be used alone, or in certain combinations.
Both general user identification settings and specific transparent identification agents are configured on the
page of the Forcepoint Security Manager. See Configuring user identification and authentication for detailed configuration instructions.
In some instances, transparent identification agents may not be able to provide correct user information to other components. This can occur if more than one user is assigned to the same machine, or if a user is an anonymous user or guest, or for other reasons. In these cases, you can prompt the user to log on via the browser (see Manual authentication).