We are transitioning from the on-premise Ironports to the WSA + CWS.
On the current Ironports we use several different identities and apply different access polices based off the identity. For example, some identities are defined by active directory group, IP subnet, etc. Different rule sets are applied based off which identity is used. In addition, we also use identities that are established based off a Custom URL list and browser user-agent.
There doesn't seem to be any way in the WSA / CWS to identify and establish a policy based off user-agent or custom URL lists. While I can create these identities within WSA there doesn't appear to be any means of applying a filter/rule to them.
I would like to be able to define an identity in the WSA and then apply a rule to that identity in CWS. However, it appears that only IP subnet/address and Active Directory are supported "Who" types in the CWS.
Any recommendations?