Skip to main content



Cisco Defense Orchestrator

Configure the Firepower Identity Policy Default Action

The identity policy has a default action, which is implemented for any connections that do not match any individual identity rules.

In fact, having no rules is a valid configuration for your policy. If you intend to use passive authentication on all traffic sources, then simply configure Passive Authentication as your default action.


  1. Open the Devices & Services page, select the device for which you are configuring an identity policy, and click policy_shield_icon.png Policy in the Management pane on the right. 
  2. Click Identity in the Policy bar. 
  3. Configure Identity Policy Settings if you have not done so already.
  4. At the bottom of the screen, click the Default Action button and choose one of the following:
  • Passive Auth-User identity will be determined using all configured passive identity sources for connections that do not match any identity rules. If you do not configure any passive identity sources, using Passive Auth as the default is the same as using No Auth.

  • No Auth—User identity will not be determined for connections that do not match any identity rules.

  1. Review and deploy now the changes you made, or wait and deploy multiple changes at once. 
  • Was this article helpful?