How is guest authentication configured?
How are non-domain workstations allowed access to the Internet while authenticating domain computers?
The ProxySG appliance has transparent authentication configured for users who authenticate to the Windows Active Directory. When a user who does not have rights on the domain visits the office, it is desirable to provide them with access to Internet resources without configuring a user account for them on the domain.
When setting up guest Authentication policy there are a couple of things that will need to be determined:
Configure a second Web Authentication Layer (using step 3 above as a template), labeled 'Guest authentication' and configure a rule in this layer as follows:
Ensure policy ordering matches with policy best practices. With regard to these two authentication layers, position the Web authentication layer first and then to its right, the guest authentication layer.
** As a further recommendation, web access layer rules can be defined with a source of 'guest user'. This can allow a proxy administrator to craft rules to define where a guest user is permitted to go, while still permitting standard levels of access for all authenticated users.
Note: If a transaction matches both a regular authentication action and guest authentication action, the appliance attempts regular authentication first. This can result in a user challenge before failing over to guest authentication. If a user enters invalid credentials and is thus allowed guest access, they must log out as guest or close and reopen the browser if using session cookies or connection surrogates. They can then enter the correct credentials to obtain regular access.
For additional information regarding guest authentication, please see the Enhanced Authentication Use Cases technical brief.