This article shows how to add a user's email address to a custom request header.
Fetching the email address is supported only for IWA-Direct and SAML realms, as stated in the ProxySG Log Fields and Substitutions guide, and requires additional configuration.
ProxySG can fetch the user's email address for access logs and use it in custom policies.
1. Start by verifying that the user has an email address assigned in AD.
2. Edit the realm via the CLI so that it fetches email information:
#(config) security iwa-direct edit-realm realm_name
This changes the prompt to:
#(config iwa-direct realm_name)
You can verify changes by checking realm settings via command
You can read more in the CLI admin guide below:
ProxySG Command Line Interface Reference
3. Add the log field to your access log.
For more information, see the guide below:
ProxySG Log Fields and Substitutions
4. To see whether the proxy is fetching the email address, add the custom log field from above and start an access log tail from Statistics -> Access logging -> Start tail.
5. Now that the user's email address is being fetched, create a header that includes it. For this, follow the KB article:
Creating custom headers for ProxySG
6. Finally, as a good practice, verify the changes and make sure that the header is inserted into the request. The easiest way to do this is to run a packet capture or a policy trace.
In the screenshot below, I followed the unencrypted HTTP stream of a request to example.com:
In clear text we can see that our custom header contains my user email address.
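The check from step 6 can also be scripted. The following is an added example, not part of the original article: it parses a cleartext request exported from a packet capture and confirms that the header appears exactly once and carries the expected address. The header name X-User-Email, the sample request and the email address are constructed assumptions.

```python
import re

# Assumption: the header name configured in step 5; the article does not state it.
HEADER_NAME = "X-User-Email"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample: request bytes as copied from a followed HTTP stream.
SAMPLE_REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"User-Agent: curl/8.0\r\n"
    b"x-user-email: jane.doe@corp.example\r\n"
    b"Accept: */*\r\n"
    b"\r\n"
)

def header_values(raw_request, name):
    """Return every value of header `name` (case-insensitive) in a raw request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    values = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == name.lower():
            values.append(value.strip())
    return values

def check_email_header(raw_request, expected_email, name=HEADER_NAME):
    """Classify a captured request: ok, missing, duplicate, malformed or mismatch."""
    values = header_values(raw_request, name)
    if not values:
        return "missing"      # policy did not insert the header
    if len(values) > 1:
        return "duplicate"    # a second copy reached the wire, e.g. one sent by the client
    if not EMAIL_RE.fullmatch(values[0]):
        return "malformed"    # value is empty or not an email address
    if values[0].lower() != expected_email.lower():
        return "mismatch"     # header carries a different user's address
    return "ok"

if __name__ == "__main__":
    print(check_email_header(SAMPLE_REQUEST, "jane.doe@corp.example"))
```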