You need to choose an authentication method for the Web Security Service.
There are five main ways to authenticate users in the ThreatPulse service:
Each authentication method is designed to fit various environments.
Below is a table of each authentication method, the surrogate type used and which access methods are supported:
Authentication Method: | Challenge based: | Surrogate Type: | Supported Access methods: | |||
IPSEC | Explicit | Unified Agent | Proxy Forwarding | |||
SAML | Yes | Cookie | Yes | Yes | No | No |
Captive Portal | Yes | IP | Yes | Yes | Yes | No |
Roaming Captive Portal | Yes | Cookie | No | Yes | No | No |
SSO (IP-to-User) | No | IP | Yes | No | No | No |
HTTP Header Injection | Yes/No depends on ProxySG config | None | No | No | No | Yes |
Example: If you have a Citrix rich environment, you would need to use SAML authentication or Roaming Captive portal because it supports cookie based surrogates.
For more information regarding authentication methods, please visit the Auth Method section of our Access Method WebGuide here.