guys Authentication questions

kareem_alsawaf · ‎03-15-2013

I have a network with many subnets and i want to run the authentication based on the security groups in the Active directory, but i am confused how could i do the identity, how should i configure it.

should i ask authentication for all, but how could i specifiy the group in the Active Directory because i want to treat the users based on their groups??

And i want to run SSO also, could you help me with a detailed steps???

Thanks alot

Jennifer Halim · ‎03-17-2013

Where exactly do you want to configure the authentication? ON ASA? WSA? ScanSafe Connector? and what are you trying to use the authentication for? Web traffic? IDFW? VPN?

kareem_alsawaf · ‎03-17-2013

i want to configure it on the WSA and this authentication will be for Web traffic

Jennifer Halim · ‎03-17-2013

Sure you can..

Here is the configuration guide for your reference:

http://www.cisco.com/en/US/docs/security/wsa/wsa7.5/user_guide/WSA_7.5.0_UserGuide.pdf

Authentication starts from chapter 20 (page: 20-1), and for SSO, you would need to use NTLM.

Hope that helps.

kareem_alsawaf · ‎03-17-2013

I know the configuration Guide but i want a detailed Step by Step for the Identity and the Realm and the policy and the SSO. If you can help.

Jennifer Halim · ‎03-17-2013

Well, the config guide provides you with detailed step by step information on how to configure each section

Of course it doesn't provide you with a specific scenario of how to configure the authentication then the identity, etc etc as there will be many different scenarios to configure it.

You can search the following knowledge based article for a more specific steps:

https://ironport.custhelp.com/

Example of article: How do I create Access Policy Groups that match Active Directory Groups?

https://ironport.custhelp.com/app/answers/detail/a_id/1295/kw/how%20to%20configure%20identity/related/1