Security policies, firewall rules, safe browsing rules and many other features of UserGate can be applied to users or groups of users. Since policies can be applied only to the selected users, network administrators can flexibly adapt the entire network to the company's needs.
Identification of users is a core feature of UserGate. A user is identified when the system is able to exactly match their identity with the IP address of the device from which they are currently logged in. UserGate offers multiple mechanisms of user identification:
-
Identification by explicitly provided IP address
-
Identification by username and password
-
Identification of users of terminal servers from Microsoft using a special terminal service agent
-
Identification of users via an authentication agent (for Windows-based systems)
-
Identification based on NTLM and Kerberos
Identification of users by username and password is performed via the Captive portal which, in turn, can be configured to identify users via Active Directory, Radius, Kerberos or a local user database.
UserGate supports the following types of users:
|
Name |
Description |
|---|---|
|
Unknown user |
Represents a set of users not identified by the system |
|
Known user |
Represents a set of users identified by the system. Various user identification methods are described below in more detail. |
|
Any user |
The Any user is the set of Known users plus the set of Unknown users |
|
Certain user |
The Certain user represents users fully identified and authorized by the system, e.g. DOMAIN\User authorized through an Active Directory domain. |
Users and groups of users can be registered directly on the UserGate device - these are the so-called local users and groups or get from external directories, such as Microsoft Active Directory.