Comodo Help
Find the desired product help
Comodo Secure Web Gateway

Comodo Secure Web Gateway

Secure Web Gateway Admin Guide

English

Print Help Download Help
Administration > Configure User Authentication Settings
  • Introduction To Comodo Secure Web Gateway
    • Purchase Licenses
    • Login To The Admin Console
  • The Admin Console
  • The Dashboard
    • Customize The Dashboard
  • Configure Comodo Secure Web Gateway
    • Connect Your Network / Devices To Secure Web Gateway
      • Traffic Forwarding Via Direct Proxy Or PAC
      • Traffic Forwarding Via Proxy Chaining
      • Traffic Forwarding Via Internet Content Adaptation Protocol (ICAP)
      • Traffic Forwarding Via SWG Agent
    • Connect Your Roaming Devices To Comodo Secure Web Gateway
      • View Enrolled Roaming Devices
    • Configure Comodo Secure Web Gateway Messages
    • Configure Domain Name
    • Configure PAC File For Exclusions
    • Configure Data Loss Prevention And View ICAP Service Information
    • Configure Policy Time-Schedules
  • Manage Trusted Networks
  • Manage Policies
    • Security Policy
      • Configure Advanced Threat Protection Settings
      • Configure Containerization Settings
    • Web Content Policy
      • Manage URL Filtering Policies
      • Configure SSL Inspection Settings
      • Manage File Type Control Rules
  • Apply Policies To Networks
  • Administration
    • Configure User Authentication Settings
    • User Management
      • Manage Users
      • Manage User Groups
      • Manage Departments
      • Manage Computers
    • My Profile
  • Reports
    • Custom Reports
    • Scheduled Reports
  • Unknown Threat Statistics
  • About Comodo Security Solutions

Configure User Authentication Settings

 
  • Click 'Administration' > 'Authentication Configuration' > 'Authentication Settings' to open this interface.
  • You have to choose a user authentication method in order to deploy user-specific policies.
  • There are two methods available - 'Hosted DB' and 'Active Directory'. You can select only one authentication method per account.
  • After connecting your networks to Comodo Secure Web Gateway and adding them to 'Locations', the default security and URL filtering polices will be applied to all endpoints in your networks.
    • You must first have added users before you can apply custom polices to them. You can add users in 'Administration' > 'Authentication Configuration' > 'User Management'. See 'User Management' if you need help with this.



    Authentication Method

    • SWG supports 'Active Directory' and 'Hosted Database' authentication. You can only use one of these types.
    • You can combine auth types with traffic forwarding types as explained in Connect your Network to Comodo Secure Web Gateway.
    • Comodo recommends the following types of combinations:

    S.No

    Auth Type

    Traffic Fowrading Types

    1

    Hosted DB

    SWG Agent, ICAP and Proxy Chain

    3

    Active Directory

    SWG Agent
     

    Note: You can only create network location rules for 'Direct Proxy' and 'PAC' traffic forwarding. You cannot create user based rules for these forwarding types.


    Authentication methods for user-based rules explained:

    • Traffic forwarding via SWG Agent – The SWG agent authenticates users via Windows authentication on the device. There is no need to select any  authentication and traffic forwarding option on the Locations interface. Hosted DB and Active Directory authentication methods are supported.
    • Traffic forwarding via Direct Proxy or PAC – User-based rules are not supported for these forwarding types, so no authentication is required. No need to select any authentication and traffic forwarding option on the Locations interface.
    • Traffic forwarding via Proxy Chaining / ICAP methods - If you plan to use a 3rd party proxy such as Websense or Bluecoat, then you can integrate with SWG and use Proxy Chaining / ICAP to forward traffic. Once done, you can create user-based rules if the 3rd party product authenticates and sends user names to SWG. You have to select the appropriate authentication and traffic forwarding option on the Locations interface. Only Hosted DB authentication is supported.

    Hosted DB

     

    A user database hosted on SWG will be used for authentication and identification. You will need to provide additional details including group and department in the 'Add User' dialog. End users will have to provide the credentials when the browser asks for basic authentication.


    Active Directory


    Users are authenticated using Active Directory. To use this method, you need to download the SWG AD agent and install it in your AD server. After installation and configuration, AD users and groups will be automatically enrolled to SWG and be visible under 'User Management'.

    • Select 'Active Directory Sync via Agent' under 'Authentication Method'



    • Click 'Download'
    • The agent setup file will be downloaded to your default location
    • Next, click 'Save'

    A unique AD sync agent authentication token will be generated.




    • Copy this token and save it
    • Next, transfer the setup file to any client machine which is included in the AD server, or to the AD server itself.

    Install Comodo SWG AD agent

    • Run the setup file and complete the AD connection details form:

    The agent will be installed and the authentication screen will be displayed:




    • User Token – Copy and paste the AD sync authentication token that you saved earlier
    • Host Name / IP – Enter the host name or IP of the AD server
    • Base DN – Enter the user base DN details, for example, DC=testing,DC=net
    • Click 'Check LDAP Connection

    You will see the following dialog after a successful connection:




    • Click 'Save & Close'

    AD users and groups will be automatically added to Comodo SWG after the first synchronization.

    • Click 'User Management' and 'Users' / 'Groups' to view the enrolled users and group via AD.



    The AD agent will initiate subsequent synchronizations every 3 hours automatically.




    • Last Synchronization – Indicates the date and time of last synchronization with the LDAP server
    • Total Number of Objects – The number of users and groups enrolled to SWG via AD

    Reset Synchronization

    • Click 'Reset'




    • Click 'OK'
    • All the users / groups enrolled via AD will be removed from the 'User Management' list.
    • SWG agent will initiate re-synchronization process and will complete in few minutes.
    • Specific users / groups policies should be reapplied.


    Authentication Bypass

    • Specify the domain, wildcard domain, IP address or network for which you want to skip authentication




    • Enter the details and click the '+' button on the right to add the exception
    • Click the trash can icon beside an entry to remove it
    • Click 'Save' for your changes to take effect

    Bypassed Categories

    • Specify the category of applications that you want to exempt from authentication.




    • Choose the application from the list and click the '+' button on the right to exempt a category.
    • If the user is within the network then they will be automatically authenticated by the domain controller.
    • If the user is outside the network then the browser will ask the user to authenticate themselves with their AD credentials. SWG will direct the credentials to the domain controller for authentication.
    • Click the trash can icon beside an entry to remove it.
    • Click 'Save' for your changes to take effect.
    Our Products
    • Free Antivirus
    • Free Internet Security
    • Website Malware Removal
    • Free Anti-Malware
    • Anti-Spam (Free Trial)
    • Windows Antivirus
    • Antivirus for Windows 7
    • Antivirus for Windows 8
    • Antivirus for Windows 10
    • Antivirus for MAC
    • Antivirus for Linux
    • Free Endpoint Security
    • Free ModSecurity
    • Free RMM
    • Free Website Malware Scanner
    • Free Device Manager for Android
    • Free Demo
    • Network Security
    • Endpoint Protection
    • Antivirus for Android
    • Comodo Antivirus
    • Wordpress Security
    Cheap CDN
    • Bootstrap CDN
    • Semantic UI CDN
    • Jquery CDN
    • CDN Plans
    • CDN
    • Free CDN
    Enterprise
    • Patch Management Software
    • Patch Manager
    • Service Desk
    • Website Down
    • Endpoint Protection Solutions
    • Website Security Check
    • Remote Monitoring and Management
    • Website Security
    • Device Manager
    • ITSM
    • CRM
    • MSP
    • Android Device Manager
    • MDR Services
    • Ransomware Prevention
    • Managed IT Support Services
    • Free EDR
    Free SSL Certificate
    Support Partners Terms and Conditions Privacy Policy

    © Comodo Group, Inc. 2024. All rights reserved.