You configure authentication for the users of your network to ensure that they cannot access the web if they do not submit appropriate information about themselves. The authentication process looks up user information, for example, in an internal database or on a web server and blocks or allows access accordingly.
An authentication process is not implemented by default on Secure Web Gateway after the initial setup. You can implement a process by importing suitable rule sets from the rule set library.
You can configure these rule sets and the settings that are implemented together with them to meet the requirements of your organization.
- Authentication rule sets — These rule sets include the rules that enable and control the authentication process.
An authentication rule set usually includes a rule that asks an unauthenticated user to authenticate and blocks requests from users who are not successfully authenticated.
There can also be bypassing rules that allow users to skip authentication. Skipping might be allowed, for example, based on the user group that a user belongs to or on the URL of a requested web object.
- Authentication settings — These are settings for the Authentication module (engine).
This module is a component of Secure Web Gateway that retrieves information about users from databases. The module is called when an authentication rule needs to know whether a user who requests access to the web is authenticated.
By configuring these settings you can, for example, choose the authentication method that is used to retrieve information and configure specific settings for this method.
The following table shows the authentication methods you can choose.
For more information about common authentication settings and settings that are specific to any of these methods, see Authentication Settings.
| Authentication method | How it retrieves user information |
| --- | --- |
| NTLM | Uses a database on a Windows domain server. |
| NTLM Agent | Uses an external agent on a Windows-based system for applying the NTLM authentication method. |
| User Database | Uses an internal database on the appliance. |
| LDAP | Uses a database on an LDAP server. Alternatively, you can configure LDAP Digest Authentication and also Secure LDAP (LDAPS) using LDAP version 3. |
| RADIUS | Uses a database on a RADIUS server. |
| Kerberos | Uses a database on a Kerberos server. |
| Authentication Server | Uses a database on another external server. |
| One-time Password | Uses a One-Time Password (OTP) server. |
You can configure authentication to cover the different protocols for web access, for example, HTTP, HTTPS, or FTP.
You can also control administrator access to an appliance by setting up administrator accounts and roles. For more information, see About Administrator Accounts.