User Rule Conditions

User rule conditions match traffic based the user who initiates the connection, or the group to which the user belongs. For example, you could configure a Block rule to prohibit anyone in the Finance group from accessing a network resource.

For access control rules only, you must first associate an identity policy with the access control policy as discussed in Associating Other Policies with Access Control.

In addition to configuring users and groups for configured realms, you can set policies for the following Special Identities users:

• Failed Authentication: User that failed authentication with the captive portal.

• Guest: Users configured as guest users in the captive portal.

• No Authentication Required: Users that match an identity No Authentication Required rule action.

• Unknown: Users that cannot be identified; for example, users that are not downloaded by a configured realm.