Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configure the Hybrid Service > Define custom authentication settings for the hybrid service > Adding custom authentication rules for the hybrid service
Adding custom authentication rules for the hybrid service
Administrator Help | Forcepoint Web Security  | v8.5.x
Use the Custom Authentication > Add Custom Authentication Rule page to define one or more user agents, domains, or URLs that are failing to authenticate with the hybrid service.
1.
Enter a Name for the rule. The name must be between 1 and 50 characters long, and cannot include any of the following characters:
* < > { } ~ ! $ % & @ # . " | \ & + = ? / ; : ,
Names can include spaces, dashes, and apostrophes.
2.
Define the User agents, if any, for the rule:
*
To match against all user agent strings, select All user agents. You might do this to set up a custom rule that applies to all browsers on all operating systems in your organization.
*
This option matches against all applications that do not send a user agent. In this case, refine the rule by entering one or more URLs or domains in the Destinations field.
*
To apply the custom authentication to one or more user agents, select Custom user agents. Enter each user agent on a separate line. Use the asterisk wildcard to match one line to multiple user agent strings, for example Mozilla/5.0*.
 
Note 
3.
*
To match against all URLs and domains, select All destinations. You might want to do this if you are setting up a custom rule that applies to a specific user agent that accesses multiple sites.
*
To apply the custom authentication to one or more specific domains or URLs, select Custom destinations. Enter each URL or domain on a separate line.
URLs must include the protocol portion (http://) at the beginning and a forward slash (/) at the end (for example, http://www.google.com/). If these elements are not present, the string is treated as a domain. Domains cannot include a forward slash at the end (for example, mydomain.com).
Use the asterisk wildcard to match one line to multiple destinations: for example, entering *.mydomain.com would match against all domains ending in "mydomain.com."
4.
Select the Authentication method for the custom rule.
 
Note 
*
Default: Uses your default authentication method.
*
NTLM: Uses NTLM identification for the specified user agents and destinations. If an application is not NTLM-capable, basic authentication is used instead.
*
Secure form authentication: Uses secure form authentication to display a secure logon form to the end user. For more information, see Identification and authentication of hybrid users.
*
Basic authentication: Uses the basic authentication mechanism supported by many Web browsers. No welcome page is displayed. For more information about basic authentication, see Identification and authentication of hybrid users.
*
Welcome page: Displays a welcome page to users before they use basic authentication to proceed.
*
None: Bypasses all authentication and identification methods in the hybrid service. Select this option for Internet applications that are incapable of authentication.
5.
Optionally, select Bypass content scanning to bypass all filtering for the specified user agents and destinations.
 
Important 
Select this option only for applications and sites that for some reason do not work well with the hybrid service, and that you trust implicitly. Selecting this option could allow viruses and other malware into your network.
6.
Click OK to return to the Custom Authentication page, and then click OK again to cache your changes. Changes are not implemented until you click Save and Deploy.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configure the Hybrid Service > Define custom authentication settings for the hybrid service > Adding custom authentication rules for the hybrid service
Copyright 2018 Forcepoint. All rights reserved.