Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Using Logon Agent for Transparent User Identification > Components used for transparent identification with Logon Agent
Components used for transparent identification with Logon Agent
51062 | Using Logon Agent TRITON AP-WEB and Web Filter & Security | 12-Oct-2015
Transparent identification with Websense Logon Agent uses the following components.
Logon Agent
Websense Logon Agent can be installed on Windows or Linux, and works with the logon application installed on Windows or Mac clients.
Logon Agent can communicate with Windows Active Directory in native or mixed mode, and uses information sent by the logon application to authenticate user logon sessions from all Windows domains in your network. The agent stores authenticated user name/IP address pairs in a user map in local memory.
Multiple Logon Agent instances can be used if required; this may benefit larger networks (see Logon Agent deployment).
Filtering Service uses the information provided by Logon Agent to apply policies to logged-on users.
A Logon Agent installation includes the following files:
The logon application
The logon application runs on Windows and Mac clients and sends user logon information to Logon Agent for authentication.
*
In persistent mode (default), the Windows or Mac logon application sends logon information to Logon Agent at a specific interval (configured using the Query interval (persistent mode) setting in the TRITON console).
*
In nonpersistent mode, the Windows logon application sends logon information to Logon Agent only once for each logon. The entry remains in the user map for a specific interval (configured using the User entry expiration (nonpersistent mode) setting in the TRITON console).
User Service
User Service and Logon Agent may reside on the same machine or different machines, but Logon Agent must be able to communicate with User Service.
User Service provides domain controller names and IP addresses to Logon Agent so that the agent can authenticate users logged on to domains. User Service also interacts with the directory service to get group information for logged-on users.
 
Important 
Filtering Service
Filtering Service translates logon session data provided by Logon Agent so that the appropriate policies can be applied to users, groups, and domains (OUs).
Filtering Service receives user logon session information from Logon Agent as users log on to domain controllers or machines. Filtering Service gets user data as user name/IP address pairs. When Filtering Service receives the IP address of a machine making an Internet request, it consults its user map to match the address with a user name, allowing users to be identified transparently. Filtering Service then applies the policies assigned to those users or groups.
The product can be configured to prompt users to manually authenticate if it cannot obtain user information via Logon Agent. When manual authentication is enabled, users who cannot provide a valid user name and password are blocked from Internet access.
If a user cannot be identified transparently, and manual authentication is not enabled, Filtering Services applies computer or network (IP address-based) policies, or the Default policy, to user requests.
 

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Using Logon Agent for Transparent User Identification > Components used for transparent identification with Logon Agent
Copyright 2016 Forcepoint LLC. All rights reserved.