In configuring the SEP client to route traffic to the Web Security Service (WSS) using the SEP "tunnel" mode, what is the difference between the three options to identify user traffic: 

"Identify Traffic"

1. Based on the console user
2. Using WSS SAML authentication
3. Based on the running process

NOTE: these settings require SEP 14.3 RU5 (or later)

To access the "Identify Traffic" options for the SEP "tunnel" mode: 

1. Login to the SEP Manager (SEP-M)
2. Navigate to Policies -> Web and Cloud Access Protection
3. "Redirection Method" drop-down, select: Tunnel
4. "Identify Traffic" drop-down (options explained below)

Based on the console user:

• Accessed by RDP: NO
• Requires a WSS tunnel before login: NO
• Use on multi-user machine: NO

Using WSS SAML authentication:

• Accessed by RDP: YES
• Requires a WSS tunnel before login: YES
• Use on multi-user machine: NO

Based on the running process:

• Accessed by RDP: YES
• Requires a WSS tunnel before login: YES
• Use on multi-user machine: YES

The SEPM drop-down option of: "Using WSS SAML authentication" is equivalent to the WSSA command-line install option of: "AU=unauthenticated"

For example (WSSA): msiexec -i C:\downloads\wssa-installer.msi /passive AU=unauthenticated

• SEP Web and Cloud Access Protection (WCAP) - Tunnel Mode
• SEP reports “No user logged on at physical console” and fails to connect to WSS
• Hybrid Windows users are taking more than 2 minutes to login