User Guide

OmniAccess SafeGuard OS Administration Guide

234

Chapter 6: Configuring Authentication and Role Derivation

Configuring Device Authentication Lists

Sometimes the normal authentication process needs to be circumvented for a user or a

process. SafeGuard OS allows for the creation of special lists—authentication lists—to

handle these situations. This chapter explains how to configure those authentication lists.

The authentication manager allows you to use these special purpose lists:

■ White list – Allows you to authenticate a user manually. The white list is a

mechanism to pre-provision a users’ authentication status. When traffic is seen

from a new host, the authentication system consults the white-lists for an entry

that matched based on some criteria. If a match is found, the system simulates a

user authentication event, which results in the host being automatically

authenticated.

There are two types of white list:

— Simple – Identifies the user being placed on the white list by IP address,

subnet mask, MAC address, or MAC mask.

— Extended – Identifies the user by using an extensive set of attributes gathered

from mapping and authentication events.

■ Grey list – Allows you to run scripts on a user’s machine without logging the

credentials of the administrator.

See the following sections for more details:

■ Configuring Simple White Lists

■ Configuring Extended White Lists

■ Configuring Grey Lists

Configuring Simple White Lists

This section describes how to create, remove, and display a simple white list. See the

following sections for more details.

■ Creating a Simple White List

■ Removing a Simple White List Entry

■ Displaying a Simple White List

Creating a Simple White List

Use the simple form of white list when the IP or MAC address information is readily

available, or when backwards compatibility to older releases is desired.