User Rule Conditions

Matches traffic based the user who initiates the connection, or the group to which the user belongs. For example, you could configure a Block rule to prohibit anyone in the Finance group from accessing a network resource.

You can configure user rule conditions for users in Microsoft Active Directory realms only.

In addition to configuring users and groups for configured realms, you can set policies for the following Special Identities users:

• Failed Authentication: User that failed authentication with the captive portal.

• Guest: Users configured as guest users in the captive portal.

• No Authentication Required: Users that match an identity No Authentication Required rule action.

• Unknown: Users that cannot be identified; for example, users that are not downloaded by a configured realm.

For access control rules only, you must first associate an identity policy with the access control policy as discussed in Associating Other Policies with Access Control.