When a user logs in to a website, the browser performs an HTTP POST request towards the website. This request has a "Request Body" attribute that includes user credentials. The proxy can inspect this request including the credentials that are being sent and apply policy to it.
The purpose of this article is to show how to allow a specific username and deny authentication attempts with other usernames.
The policy should look as follows: