Skip to main content
Skyhigh Security

Authenticate Users

Authenticating the users of your network ensures that they cannot access the web if they do not submit appropriate information about themselves. The authentication process looks up user information, for example, in an internal database or on a web server and blocks or allows access accordingly.

This process includes several elements:

  • Authentication rules, which control the process
  • Authentication module, which is called by the rules to retrieve user information

An authentication process is not implemented by default on Web Gateway after the initial setup. You can implement a process by importing suitable rule sets from the rule set library and modify it to meet the requirements of your organization.

Authentication rules

Authentication rules usually include a rule that asks an unauthenticated user to authenticate and blocks requests from users who are not successfully authenticated.

There can also be whitelisting rules that allow users to skip authentication. Skipping might be allowed, for example, depending on the user group that a user belongs to or on the URL of a requested web object.

Rule sets for several authentication types and methods are available in the rule set library.

Authentication module

The Authentication module (engine) retrieves information about users from databases. The module is called by the rules that need to know whether a user who requests access to a web object is authenticated.

Methods of retrieving this information are:

  • NTLM — Uses a database on a Windows domain server.
  • NTLM Agent — Uses an external agent on a Windows-based system for applying the NTLM authentication method.
  • User Database — Uses an internal database on the appliance.
  • LDAP — Uses a database on an LDAP server.
  • Novell eDirectory — Uses data from a directory on a server that takes the role of an LDAP server.
  • RADIUS — Uses a database on a RADIUS server.
  • Kerberos — Uses a database on a Kerberos server.
  • Authentication Server — Uses a database on another external server.
  • One Time Password (OTP server) — Uses a One Time Password server.
  • SWPS (Skyhigh Security Client Proxy) — Uses Client Proxy credentials.

To select the authentication method and set other parameters of the authentication process, you configure the settings of the Authentication module.

  • Was this article helpful?