Create an Identity Policy with a Passive Authentication Rule
This task discusses how to create an identity policy with a passive authentication rule that authenticates users using the US realm sequence. If a user is not found in the first realm in the sequence, the system searches the other realms in the sequence in the order listed in the realm sequence. If a user is still not found in the realm or realm sequence, the user is identified as Unknown.
You can optionally authenticate a user with the captive portal (that is, active authentication) if the user is not found in any realm in the sequence. For more information, see Captive Portal Guidelines and Limitations.
Procedure
| 1 |
Log in to the management center. |
| 2 |
Click . |
| 3 |
Click New Policy. |
| 4 |
Enter a Name for the policy and an optional Description. |
| 5 |
Click Save. |
| 6 |
Click Add Rule. |
| 7 |
Enter a Name for the rule. |
| 8 |
From the list, click Passive Authentication. |
| 9 |
Click the Realms & Settings tab page. |
| 10 |
From the list, click the name of a realm or realm sequence. The following figure shows an example.
The following figure shows a sample passive identity policy configured to search for users in the US realm sequence.
|
| 11 |
(Optional.) To filter traffic by network object, click the Identity Source tab. From the list, click the network object to use to filter traffic for this identity policy. Click Add ( |
| 12 |
Set identity rule conditions as discussed in Identity Rule Conditions. |
| 13 |
Associate the identity rule with an access control rule as discussed in Associating Other Policies with Access Control. |
| 14 |
Deploy configuration changes to managed devices; see Deploy Configuration Changes. |
) to create a new network object.