Realm & Settings Rule Conditions
The Realm & Settings tab page enables you to choose a realm or realm sequence to which to apply the identity rule. If you are using captive portal, you have additional options.
Authentication Realm
From the Realm list, click a realm or realm sequence.
The realm or realm sequence containing the users you want to perform the specified Action on. You must fully configure a realm or realm sequence before selecting it as the realm in an identity rule.
Note | If remote access VPN is enabled and your deployment is using a RADIUS server group for VPN authentication, make sure you specify the realm associated with this RADIUS server group. |
Active authentication only: other options
If you either choose Active Authentication as the authentication type or if you check the box, Use active authentication if passive or VPN identity cannot be established, you have the following options.
- Use active authentication if passive or VPN identity cannot be established
-
(Passive authentication rule only.) Selecting this option authenticates users using captive portal active authentication if a passive or a VPN authentication fails to identify them. You must configure an Active Authentication rule in your identity policy in order to select this option. (That is, users must authenticate using the captive portal.)
If you disable this option, users that do not have a VPN identity or that passive authentication cannot identify are identified as Unknown.
Also see the discussion of the Authentication Realm list later in this topic,
- Identify as Special Identities/Guest if authentication cannot identify user
-
Selecting this option allows users who fail captive portal active authentication the specified number of times to access your network as a guest. These users appear in the management center identified by their username (if their username exists on the AD or LDAP server) or by Guest (if their user name is unknown). Their realm is the realm specified in the identity rule. (By default, the number of failed logins is 3.)
This field is displayed only if you configure Active Authentication (that is, captive portal authentication) as the rule Action.
- Authentication Protocol
-
The method to use to perform captive portal active authentication. .
The selections vary depending on the type of realm, LDAP or AD:
-
Choose HTTP Basic if you want to authenticate users using an unencrypted HTTP Basic Authentication (BA) connection. Users log in to the network using their browser's default authentication pop-up window.
Most web browsers cache the credentials from HTTP Basic logins and use the credentials to seamlessly begin a new session after an old session times out.
-