Go to the table of contents Go to the previous page Go to the next page View or print as PDF
User Identification for Policy Enforcement > Configuring user identification and authentication
Configuring user identification and authentication
Administrator Help | Forcepoint Web Security and Forcepoint URL Filtering | v8.5.x
Related topics:
Use the Settings > General > User Identification page to manage when and how on-premises web protection software attempts to identify users in the network in order to apply user- and group-based policies.
*
*
*
*
If you are using transparent identification agents, the agents are listed under Transparent Identification Agents:
*
Server shows the IP address or name of the machine hosting the transparent identification agent.
*
Port lists the port that web protection software uses to communicate with the agent.
*
Type indicates whether the specified instance is a DC Agent, Logon Agent, RADIUS Agent, or eDirectory Agent. (See Identifying on-premises users transparently for an introduction to each type of agent.)
To add an agent to the list, select the agent type from Add Agent drop-down list. Click one of the following links for configuration instructions:
*
*
*
*
To remove an agent instance from the list, mark the checkbox next to the agent information in the list, and then click Delete.
If you have one or more DC Agent instances, under DC Agent Domains and Controllers, click View Domain List for information about which domain controllers the agents are currently polling. See Reviewing DC Agent polled domains and domain controllers for more information.
Under User Identification Exceptions, list the IP addresses of machines that should use different user identification settings than the rest of your network.
For example, if you use Content Gateway, a transparent identification agent, or a third-party integration product to identify users, and have enabled manual authentication to prompt users for their credentials when they cannot be identified transparently, you can identify specific machines on which:
*
*
*
To create an exception, click Add, and then see Setting authentication rules for specific machines. To remove an exception, mark the check box next to an IP address or range, then click Delete.
Under Additional Authentication Options, specify the default response of web protection software when users are not identified transparently:
*
Click Apply computer or network policy to ignore user and group-based policies in favor of computer and network-based policies, or the Default policy.
*
Click Prompt user for logon information to require users to provide logon credentials when they open a browser. User and group-based policies can then be applied (see Manual authentication).
Specify the Default domain context that web protection software should use any time a user is prompted for log on credentials. This is the domain in which users' credentials are valid.
If you use the Exceptions list to specify any machines on which users are prompted for logon information, this default domain context is used, even if the global rule is to apply a computer or network-based policy.
When you are finished making changes on this page, click OK to cache your changes. Changes are not implemented until you click Save and Deploy.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
User Identification for Policy Enforcement > Configuring user identification and authentication
Copyright 2020 Forcepoint. All rights reserved.