This article describes how to create an authorization rule on ProxySG for an Active Directory (AD) group or user with an Integrated Windows Authentication (IWA) realm.
The environment uses any of the below authentication realms:
One of the benefits of IWA is that it automatically returns authorization information for a user in response to an authentication request. You do not have to perform any additional configuration to get authorization to work. After successfully authenticating a user, the appliance receives a list of all groups (IWA Direct) or groups of interest (IWA BCAAA) to which the user belongs.
This section describes how to create a policy using the Visual Policy Manager (VPM). You can also create policy using the Content Policy Language (CPL).
1. Launch the VPM.
a. From the Management Console, select Configuration > Policy > Visual Policy Manager.
b. Click Launch.
2. Create a Web Access Layer:
a. Select Policy > Add Web Access Layer.
b. Enter a Layer Name or accept the default name and then click OK.
3. Specify the user or group to authorize (the source):
a. In the Source column of the first row, right-click and then select Set. The Set Source Object dialog displays.
b. Click New and then select the type of Active Directory object this rule will authorize:
c. Select the IWA realm from the Authentication Realm drop-down list.
d. Specify the name of the Active Directory user or group that the rule will authorize:
e. Click OK to close the Add Group Object or Add User Object dialog.
f. Click OK to close the Set Source Object dialog.
4. Specify whether to allow or deny requests from the specified user or group:
a. Right-click the Action column.
b. Select one of the following options:
If you aren't sure what the default proxy policy is set to on your appliance, go to Configuration > Policy > Policy Options.
5. (Optional) Define any additional parameters that you want this rule to enforce.
6. To create additional authorization rules, repeat Steps 3 through 5.
7. Click Install policy.
8. Click OK to acknowledge that the policy was successfully installed.
*The above information can be found in the Secure Gateway Operating System (SGOS) Admin guide for all GA releases.
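
For reference, a CPL sketch of the kind of rule the VPM steps above produce. This is an added example, not text from the article or the SGOS guide; the realm name `IWA_Realm` and the `CORP\...` group and user names are constructed placeholders.

```cpl
; Added example with constructed names (not from the article).
;   IWA_Realm  = assumed name of the IWA realm configured on the appliance
;   CORP\...   = placeholder Active Directory domain, group and user

; Users must be authenticated against the IWA realm before group
; membership can be evaluated by the authorization rules below.
<Proxy>
    authenticate(IWA_Realm)

; Authorization rules (the Web Access Layer from Steps 2 through 4).
; Within a layer the first matching rule wins, so the specific user
; rule is listed before the broader group rule.
<Proxy>
    realm=IWA_Realm user="CORP\jdoe" deny
    realm=IWA_Realm group="CORP\Web-Users" allow

; Requests that match neither rule fall through to the default proxy
; policy (Configuration > Policy > Policy Options). If that default is
; Allow, unmatched users are not blocked unless a deny rule is added.
```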