User Identification

Administration > IWSVA Configuration > User Identification | User Identification

User Identification Method

If you do not use an LDAP server on the network, choose your preferred method of user identification for use in reports, logs, notification messages, and for creating scan policies. Changing the user identification method can affect any existing policies you might have created, as well as logs and reports.

If IWSVA is in the proxy mode and you have an LDAP server on the network, choose the user and group name authentication and contact your LDAP administrator to obtain the various attribute settings.

IWSVA supports the following user identification methods:

• No identification—(Not recommended) Logged events and reports will be anonymous; URL Filtering and other policies are created based IP addresses.

• IP address—In event logs, the IP address of the machine is recorded; the ID is not tied to a particular set of log in credentials.

• Host name (modified HTTP headers)—Use this option to create group policies based on host name.

• Notes:
  1. Host name identification is only supported for end-users browsing with Internet Explorer on Microsoft Windows platforms.
  2. Because IWSVA is unable to obtain host name information before decrypting HTTPS contents, IWSVA does not support host name identification for HTTPS decryption policies in the bridge or WCCP modes.
  3. You can use the configure module identification mac_address enable command in the CLI to include the machine address (MAC) of the client computers in event logs, reports, and notifications. You must run the register_user_agent_header.exe file on each client.

• Warning: Before choosing the Host name, you need to prepare all clients on the LAN by running the register_user_agent_header.exe file on each client. This file can be found as part of the installation package. You can conveniently run this file by adding it to your Windows domain login script (or by creating one for just this purpose).

• User/group name authentication—Choose this option if you have an LDAP server set up on the network. If you are using IWSVA with a downstream proxy, see Disable User ID Cache.

See also:

• LDAP Settings

• LDAP Authentication Methods

• LDAP Authentication Whitelist

• Enable Referral Chasing

• Disable User ID Cache

• Transparent Identification

• Transparent Identification Settings

• Notes on LDAP Authentication in Transparent Mode

• How to Identify Clients by MAC Addresses