If the user identification agent is unable to associate a user with an IP address, a captive portal can take over and authenticate the user with a web form.
To receive the web form, users must be using a web browser and be in the process of connecting. Upon successful authentication, users are automatically directed to the originally requested website. The Cloud Edge appliance can now execute policies based on the user information for any applications passing through the appliance, not just for applications that use a web browser.
The following rules apply to Captive Portal:
If the above-mentioned Captive Portal rules do not apply because the traffic is not HTTP or there is no rule match, then the Cloud Edge appliance applies its IP address-based security policies.
The Cloud Edge appliance validates the user name and password against existing hosted users. If successfully authenticated, the Cloud Edge appliance adds the IP address-to-user mapping to local cache for the time-to-live (TTL) life cycle. If authentication fails, the user is notified that authentication was not successful.
Administrators can design and create the text that users see when they sign on. The customizable message includes:
A welcome message
External HTTP link (URL)