Configuring Browser-Based Authentication in SmartConsole
In the section of the Identity Awareness page, select to send unidentified users to the Captive Portal.
If you configure Transparent Kerberos Authentication, the browser tries to identify AD users before sending them to the Captive Portal.
If you already configured the portal in the Identity Awareness Wizard or SmartConsole, its URL shows below .
To configure the Browser-Based Authentication settings:
- Select and click .
- From the window, configure:
- Portal Network Location
Select whether the portal runs on this Security Gateway or on a different Identity Awareness enabled Security Gateway. By default, the Captive Portal runs on this Security Gateway, and the Security Gateway redirects unidentified users to the Captive Portal on the same Security Gateway. This is the basic configuration.
A more advanced deployment is possible where the portal runs on a different Security Gateway. See the Deployment section for more details.
- Access Settings
Click to open the window. In this window, you can configure:
- Authentication Settings
Click to open the window. In this window you can configure:
The default is that all user directory options are selected. You might choose only one or two options if users are only from a specified directory or directories and you want to maximize Security Gateway performance when users authenticate. Users with identical user names must log in with domain\user.
- Customize Appearance
Click to open the window and edit the images that users see in the Captive Portal. Configure the labeled elements of the image below.
| Label Number | Name | To do in GUI |
|---|---|---|
| 1 | Portal Title | Enter the title of the portal. The default title is . |
| 2 | Company Logo | Select and to select a logo image for the portal. |
| 2 | Company Logo for mobiles | Select and to select a smaller logo image for users who access the portal from mobile devices. |
- User Access
Configure what users can do in the Captive Portal to become identified and access the network.
- - Users are prompted to enter an existing username and password. This will only let known users authenticate.
- - Let guests who are not known by the Security Gateway access the network after they enter required data.
- Endpoint Identity Agent Deployment from the Portal
If is selected as a method to acquire identities, you can require users to download the Endpoint Identity Agent from the Captive Portal. You can also let users install the Endpoint Identity Agent by a specified later date instead of right away.
- - Select this to make users install the Endpoint Identity Agent. Select which Endpoint Identity Agent they must install. If this option is selected and the option is not selected, users are not able to access the network unless they install the Endpoint Identity Agent.
- - Select to give users flexibility to choose when to install the Endpoint Identity Agent. Select the date by which they must install it. Until that date a option shows in the Captive Portal.
Note - When you enable Browser-Based Authentication on an IPSO Security Gateway that is on an IP Series appliance, make sure to set the Voyager management application port to a port other than 443 or 80.
Name and Password Login Settings
Click to configure settings for known users after they enter their usernames and passwords successfully.
Unregistered Guest Login Settings
Click to configure settings for guests.
- - For how long can they access network resources before they have to authenticate again.
- - Makes users sign a user agreement. Click to choose an agreement and the End-user Agreement Settings page opens. Select an agreement to use:
- - Select this to use the standard agreement. See the text in the . Replace with the name of your company. This name is used in the agreement.
- - Paste the text of a customized agreement into the text box. You can use HTML code.
- - Edit the table shown until it contains the fields that users complete in that sequence. Select for each field that guests must complete before they can get access to the network. To add a new field, enter it in the empty field and then click . Use the green arrows to change the sequence of the fields. The first field will show the user name in > .