Bypassing authentication settings
 
The following options are available in this section:
Bypassing authentication settings for internal networks. This option is available only if you have an I Series appliance, or a supported edge device that connects to the cloud service.
Bypassing authentication settings for cloud-based applications
If your organization uses Microsoft Office 365, select the Office 365 box under Cloud Applications to bypass authentication for these services and ensure seamless operation.
Bypassing authentication settings for user agents or sites
Occasionally some Internet applications and websites cannot authenticate with the cloud service. This might occur with, for example, instant messaging programs, antivirus updates, or software update services.
If you are experiencing problems with Internet applications, the Authentication Bypass tab on the Web > Settings > Bypass Settings page enables you to add and edit custom settings to change the default behavior for failing applications or sites.
To allow particular applications that do not properly handle authentication challenges to bypass authentication, you can specify user agents, domains, URLs or a combination of these options.
A user agent is a string sent from your browser or Internet application to the server hosting the site that you are visiting. This string indicates which browser or application you are using, its version number, and details about your system, such as the operating system and version. The destination server then uses this information to provide content suitable for your specific browser or application.
For example, this is a user agent for Firefox:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6)
In this example, Windows NT 5.1 indicates that the operating system is Windows XP, and the language it uses is US English.
To get the user agent string for your browser, enter the following in the browser's address bar:
javascript:alert(navigator.userAgent)
To add a setting for an application or site:
1. On the Authentication Bypass tab, click Add under User Agents & Destinations.
2. Enter a Name for the rule. This name appears in the Authentication Bypass list on the Bypass Settings page, and you can click on it at a later date to edit your settings.
3.
* Use defaults: Uses your default authentication method.
* NTLM: Uses NTLM identification for the specified user agent(s) and destination(s). If an application is not NTLM-capable, basic authentication will be used instead. For more information about NTLM identification, see NTLM transparent identification.
 
* Form login: Displays the secure login form to users before they use their cloud credentials to proceed over a secure connection. For more information, see Access Control tab.
* Basic: Uses the basic authentication mechanism supported by many web browsers. No welcome page is displayed. For more information on basic authentication, see Access Control tab.
* Welcome page: Displays a welcome page to users before they use basic authentication to proceed. The welcome page is configurable in each policy on the Access Control tab. Note that the welcome page is not available for traffic from I Series appliances. For more information, see Pre-logon welcome page.
* No authentication: Bypasses all authentication and identification methods in the cloud. Select this option for Internet applications that are incapable of authentication.
4.
5.
* To apply the rule to all user agents, select All user agents. You might want to do this if you are setting up a custom rule that applies to all browsers on all operating systems in your organization.
* If you want to apply the bypass rule to one or more user agents, select Specific user agents, and enter each user agent on a separate line. Use the asterisk wildcard to match one line to multiple user agent strings, for example Mozilla/5.0*.
6.
* To match against all domains and URLs, select All destinations. You might want to do this if you are setting up a custom rule that applies to a specific user agent that accesses multiple sites.
* To apply the rule to one or more sites, select Specific destinations, and enter each URL or domain on a separate line. URLs must include the protocol portion (http://) at the beginning and a forward slash (/) at the end – for example, http://www.google.com/. If these elements are not present, the string is treated as a domain. Domains cannot include a forward slash at the end – for example, mydomain.com.
  Use the asterisk wildcard to match one line to multiple destinations: for example, entering *.mydomain.com would match against all domains ending in 'mydomain.com.'
7. Click Save.
To view the user agents that have made authentication requests via the cloud service, run the User Agents report (under Reporting > Report Catalog > Advanced). If a user agent in this report has a high number of authentication requests, it may be experiencing authentication problems.
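The following added example (not Forcepoint code) audits a candidate rule offline before it is saved: it applies the URL-versus-domain rule from step 6 and shows how many user agents from a User Agents report a wildcard would exempt. The rule dictionary layout, the finding labels, case-sensitive matching, and acceptance of https:// as a protocol portion are assumptions; the sample agents are constructed.

```python
import re

def wildcard_match(pattern, value):
    """'*' is the only wildcard; every other character is literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def classify_destination(entry):
    """A URL needs a protocol prefix and a trailing slash; anything else is a domain."""
    has_protocol = re.match(r"https?://", entry) is not None  # https is an assumption
    if has_protocol and entry.endswith("/"):
        return "url"
    if entry.endswith("/"):
        return "invalid-domain"   # domains cannot end with a forward slash
    if has_protocol:
        return "domain-suspect"   # probably meant as a URL, but read as a domain
    return "domain"

def audit_rule(rule, observed_agents):
    """Return (matched agents, findings) for one candidate bypass rule."""
    patterns = rule["user_agents"]            # None stands for "All user agents"
    matched = [ua for ua in observed_agents
               if patterns is None or any(wildcard_match(p, ua) for p in patterns)]
    findings = []
    for dest in rule["destinations"] or []:   # None stands for "All destinations"
        kind = classify_destination(dest)
        if kind in ("invalid-domain", "domain-suspect"):
            findings.append((dest, kind))
    if rule["auth"] == "No authentication" and rule["destinations"] is None:
        scope = f"unauthenticated for {len(matched)} of {len(observed_agents)} observed agents"
        findings.append(("All destinations", scope))
    return matched, findings

# Constructed sample data (the first agent is the Firefox example from the page).
OBSERVED = [
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6)",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ExampleBrowser/1.0",
    "ExampleUpdater/2.1",
]
BROAD = {"name": "browsers", "auth": "No authentication",
         "user_agents": ["Mozilla/5.0*"], "destinations": None}
NARROW = {"name": "updater", "auth": "No authentication",
          "user_agents": ["ExampleUpdater/*"],
          "destinations": ["http://updates.example.com", "*.example.com", "example.org/"]}

if __name__ == "__main__":
    for rule in (BROAD, NARROW):
        print(rule["name"], audit_rule(rule, OBSERVED))
```

Because the user agent string is supplied by the client, a rule that pairs No authentication with a broad pattern and All destinations exempts any application that sends a matching string, so narrow both the pattern and the destination list.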
Bypassing authentication settings for internal networks
If you have an I Series appliance or an approved edge device that connects to the cloud service, you can override policy authentication settings based on the IP addresses in your internal networks, so that specific nodes in a network (for example, guest networks) are forced to authenticate using an alternative method, or will not be authenticated at all.
If there is a conflict between the settings in this section and the settings in Bypassing authentication settings for user agents or sites, the IP address settings for the internal network take precedence.
To add a setting for an internal network:
1. On the Authentication Bypass tab, click Add under Internal Network Traffic.
2. Enter a Name for the rule. This name appears in the internal networks list on the Bypass Settings page, and you can click on it at a later date to edit your settings.
3.
* Use defaults: Uses your default authentication method.
* NTLM: Uses NTLM identification for the specified internal network(s). If an application is not NTLM-capable, basic authentication will be used instead. For more information about NTLM identification, see NTLM transparent identification.
 
* Form login: Displays the secure login form to users before they use their cloud credentials to proceed over a secure connection. For more information, see Access Control tab.
* Basic: Uses the basic authentication mechanism supported by many web browsers. No welcome page is displayed. For more information on basic authentication, see Access Control tab.
* No authentication: Bypasses all authentication and identification methods in the cloud service. Select this option for internal networks that should never use authentication credentials.
4.
5.
a.
b.
c.
d. Click OK when you are done.
6. Click Save.

Copyright 2017 Forcepoint. All rights reserved.