Manualshelf

User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Web Security Appliance S170
161162163164165166167168169170
CONFIGURING IDENTITIES IN OTHER POLICY GROUPS
CHAPTER 7: IDENTITIES 143
Note — If an Identity group becomes disabled, then that Identity group is removed (not
disabled) from any non-Identity policy group that used it. If the Identity group becomes
enabled again, the non-Identity policy groups that previously used the Identity do not
automatically include the enabled Identity. Identity groups become disabled due to a deleted
authentication realm or sequence.
To configure Identity group information in a policy group:
1. Create a new policy group or edit the membership of an existing policy group for Access,
Decryption, Routing, Data Security, or External DLP Policy.
2. Scroll down to the Identities and Users section.
3. Choose one of the following options from the dropdown menu:
Select One or More Identities. This option allows you to configure specific Identity
groups. Go to step 4.
All Identities. This option specifies all configured Identity groups. Go to step 5.
4. Under the Identity column, choose the Identity group to apply to this policy group.
5. If you choose an Identity that requires authentication, you can specify which users are
authorized for this policy group. These users must authenticate. In the Authorized Users
and Groups column, choose one of the following options:
All authenticated users. You can configure the Identity in this policy group to apply to
all users in the Identity group by default. If the Identity group specifies an
authentication sequence, you can configure this policy group to apply to one
authentication realm or all realms in the sequence.
Selected Groups and Users. You can configure the Identity in this policy group to
apply to specific users. You can define users by group object or user object. Click the
link for either Groups or Users, and enter the group or user information on the page
that opens.
When you add groups of users for an Identity using an NTLM authentication realm,
the Edit Groups page displays the first 500 matching entries, omitting built-in groups.
Guests (users failing authentication). If the Identity group allows guest access, you
can configure this policy group to apply to all users who fail to authenticate in this