Choose an authentication method
search cancel

Choose an authentication method


Article ID: 165551


Updated On:


Cloud Secure Web Gateway - Cloud SWG


You need to choose an authentication method for the Web Security Service.


There are five main ways to authenticate users in the ThreatPulse service:

  • SAML
  • Captive Portal
  • Roaming Captive Portal
  • SSO (IP-to-User)
  • HTTP Header Injection


Each authentication method is designed to fit various environments.

Below is a table of each authentication method, the surrogate type used and which access methods are supported:


Authentication Method: Challenge based: Surrogate Type: Supported Access methods:      
      IPSEC Explicit Unified Agent Proxy Forwarding
SAML Yes Cookie Yes Yes No No
Captive Portal Yes IP Yes Yes Yes No
Roaming Captive Portal Yes Cookie No Yes No No
SSO (IP-to-User) No IP Yes No No No
HTTP Header Injection Yes/No depends on ProxySG config None No No No Yes


Example: If you have a Citrix rich environment, you would need to use SAML authentication or Roaming Captive portal because it supports cookie based surrogates.


For more information regarding authentication methods, please visit the Auth Method section of our Access Method WebGuide here.