Active authentication using a realm

This task authenticates captive portal users with a realm and any available authentication protocol (currently, HTTP Basic, NTLM, Kerberos, HTTP Negotiate, or HTTP Response Page).

Active authentication using a realm provides secure user verification for captive portal access by integrating with your organization's authentication infrastructure.

Before you begin

Complete the task discussed in Create a sample identity policy with an active authentication rule.

Procedure

Step 1

Continue from Create a sample identity policy with an active authentication rule.

Step 2

On the Realms & Settings tab page, click US-East.

Step 3

From the Authentication Protocol list, click NTLM.

The following figure shows an example.

The figure illustrates the process of authenticating captive portal users using a realm, highlighting how the system searches for users within the selected realm and identifies unknown users when no match is found.

If you choose a realm (such as in the example), the system searches that realm for users to match the rule. If a user is not found, the user is identified as Unknown.

Step 4

Click Add.

Step 5

(Optional.) To filter traffic by network object, click the Identity Source tab. From the list, click the network object to use to filter traffic for this identity policy. Click Add (add icon) to create a new network object.

Step 6

Set identity rule conditions as discussed in Identity rule conditions.

Step 7

Associate the identity rule with an access control rule as discussed in Associating other policies with access control.

Step 8

Deploy configuration changes to managed devices; see Deploy Configuration Changes.