Procedure
Before you begin
Ensure that time settings are consistent among the directory servers, FDM-managed device, and clients. A time shift among these devices can prevent successful user authentication. "Consistent" means that you can use different time zones, but the time should be the same relative to those zones; for example, 10 AM PST = 1 PM EST.
Procedure
Step 1 | In the left pane, click . |
Step 2 | Click the Devices tab to locate the device or the Templates tab to locate the model device. |
Step 3 | Click the FTD tab and select the device for which you are configuring an identity policy, and click Policy in the Management pane at the right. |
Step 4 | Enable Identity policies by clicking the Identity toggle. Or, you can click the button, review the descriptions of passive and active authentication and click Enable in the dialog. |
Step 5 | Read the Passive Authentication settings. Click the Passive Auth button on the identity bar. The Passive Authentication button shows Enabled if you have configured remote access VPN or Cisco Identity Services engine using Firepower Device Manager. You must have configured at least one passive identity source to create passive authentication rules. |
Step 6 | Configure Active Authentication. When an identity rule requires active authentication for a user, the user is redirected to the captive portal port on the interface through which they are connected and then they are prompted to authenticate. |
Step 7 | Continue with Configure the Identity Policy Default Action. |