WSA - S170 Transparent authentication for users

Deepak Ambotkar · ‎08-09-2016

Hello experts,

I am planning to deploy WSA 170 & few VM based for the client.

The client said he would like to use LDAP (based on AD) (they are using for existing setup that will be replaced by Cisco WSA) and would like to transparently authenticate users without having to enter username/password while accessing the Internet (all protocols).

Could you please let me know how to setup this and if there is a setting to 'no authentication' or transparent authentication.

I saw somewhere about the IP based authentication however I could not find the configuration guide for this step.

Please let me know.

Thanks,

Deepak A.

Tao Yang · ‎08-09-2016

Create an authentication realm for WSA and then either NTLM or Kerberos should be able to perform the transparent authentication.

Deepak Ambotkar · ‎08-10-2016

Hi Tao,

Thank you for the reply.

If we choose to use NTLM, does my customer need to install CDA agent. The customer is not happy to install anything extra but he wants a transparent authentication by using either AD or LDAP without need to enter the username/password.

For LDAP, I read it needs to install e-directory on user machines which customer will not do.

Please let me know which one is simplest without requiring to install any new software AD or LDAP and not entering username/password on the browser?

Thanks,

Deepak A.

Tao Yang · ‎08-10-2016

You don't need to install CDA for NTLM and you should use NTLM instead of LDAP as LDAP does not support transparent authentication.