In the ProxySG appliance Active Directory domain, users can be forced to re-enter the credentials when an exception occurs. This generates a pop-up on the browser (even if the user is previously authenticated) to re-enter the domain credentials. Users may enter a different domain credential at this point.

Do the following to allow users to re-authenticate, for example, while policy is blocking www.facebook.com. 

Note:  An authentication policy (for example, using the web authentication layer) must be configured to test the following policy.

1. In the Management Console, select Configuration > Policy > Visual Policy Manager. Click Launch.
2. In the Web Access Layer, in the Destination column, right click and select Set. Select New > Destination Host/Port.
3. Add facebook.com for the Host and click Add > OK.
   
4. In the Action column, right click and select Set . Select New >  Return Exception. 
5. Select a built-in or user-defined exception as required.
6. Select Allow re-authentication, and then click OK > OK.
   
7. Click Install to install the policy. 
8. Test the policy: use any browser make a request on http://www.facebook.com.
   The expected outcome is that the user sees an authentication prompt to re-enter credentials.