Add an authentication policy
- Go to Web server > Authentication policies and click Add.
- Enter a name.
Choose an authentication mode for endpoint devices.
Option Description Basic Users authenticate with HTTP basic authentication, that is, by typing their username and password. No session cookies will be generated and a dedicated sign-out isn't possible.
As the credentials are sent unencrypted, use this mode with HTTPS.
Form Users type their credentials in a form. Session cookies will be generated and a dedicated sign-out is possible.
Specify additional authentication settings for endpoint devices.
Option Description Basic prompt For basic authentication, the string that provides instructions to users, for example, “Please enter your credentials”. Authentication template For form-based authentication, the form that will be presented to users. Users and groups Users or user groups that should be assigned to this profile.
Specify an authentication forwarding mode. The mode must match the web server’s authentication settings.
Option Description Basic Authentication works with HTTP basic authentication, providing username and password. None No authentication between the firewall and the web servers.
Even if your web servers don't support authentication, users will be authenticated through the frontend mode.
Specify additional authentication forwarding settings.
Option Description Username affix For basic authentication, type of affix to be added automatically to the username. Affixes are useful when working with domains and email addresses.
Prefix and suffix will be added if users enter a username only.
Remove basic header For no authentication, do not send the basic header from the firewall to the web server.
For form-based authentication, specify user session settings.
Option Description Session timeout If no activity is detected within the specified interval, force the user to log on again. Session lifetime Limit the time users may remain logged on to the specified interval, regardless of the activity.