Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Web Protection Clients > Changing client settings > Account override
Account override
Administrator Help | Forcepoint Web Security and Forcepoint URL Filtering | v8.5.x
Account override allows users to change the credentials used to apply a policy to a request.
If, for example, users access the Internet from a kiosk machine, or from a machine where they log on using a local account, rather than a network account, administrators can associate account override permissions with the computer or network (IP-address-based) client.
Account override permissions can also be given to directory clients (users, groups, and OUs).
When user requests are blocked by the current policy, and account override permissions are assigned to the client being filtered (whether that is an IP address or a directory client), the block page includes an Enter New Credentials button. The user can then provide a user name and password.
Once the user clicks Switch Credentials, Filtering Service identifies the policy assigned to the new account, then applies that policy to the request.
*
If the new policy permits the request, the user can access the site.
*
If the new policy blocks the request, the user sees another block page.
In other words, unlike password override, using the account override option does not guarantee access to a blocked site. Instead, it changes the policy used to filter the request.
The new policy is applied to additional requests on that machine for the time period specified on the Settings > General > Filtering page (5 minutes, by default). See Configuring filtering settings.
 
* 
Important 
In multiple Filtering Service deployments, State Server is required for correct allocation of account override time. See Policy Server, Filtering Service, and State Server for more information.
If, after successfully switching credentials, the user wants to leave the machine before the account override period has ended, the override session can be ended manually by entering the following URL:
http://<Filtering_Service_IP_address>:15871/cgi-bin/cancel_useraccount_overrider.cgi
You may want to configure this URL as a browser bookmark on machines where the account override option is used.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Web Protection Clients > Changing client settings > Account override
Copyright 2022 Forcepoint. All rights reserved.