User rule conditions

A user rule condition is a traffic matching mechanism that

  • matches traffic based on the user initiating the connection or the group to which they belong,

  • can be configured for users in Microsoft Active Directory realms only, and

  • enables policy enforcement based on user identity and group membership.

Special identities users

In addition to configuring users and groups for configured realms, you can set policies for the special identities users:

  • Failed Authentication: Users who failed authentication with the captive portal.

  • Guest: Users configured as guest users in the captive portal.

  • No Authentication Required: Users that match an identity rule with the No Authentication Required action.

  • Unknown: Users that cannot be identified, such as users who are not downloaded by a configured realm.

For access control rules only, you must first associate an identity policy with the access control policy as discussed in Associating other policies with access control.

User rule condition example

Configure a Block rule to prohibit anyone in the Finance group from accessing a network resource.