Add an authentication policy

  1. Go to Web server > Authentication policies and click Add.
  2. Type a name.
  3. Choose a client authentication mode.
    OptionDescription
    Basic Users authenticate with HTTP basic authentication, that is, by typing their user name and password. No session cookies will be generated and a dedicated sign-out is not possible.
    Tip As the credentials are sent unencrypted, use this mode with HTTPS.
    Form Users type their credentials in a form. Session cookies will be generated and a dedicated sign-out is possible.
  4. Specify additional client authentication settings.
    OptionDescription
    Basic prompt For basic authentication, the string that provides instructions to users, for example, “Please enter your credentials”.
    Authentication template For form-based authentication, the form that will be presented to users.
    Users or groups Users or user groups that should be assigned to this profile.
  5. Specify an authentication forwarding mode.
    The mode must match the web server’s authentication settings.
    OptionDescription
    Basic Authentication works with HTTP basic authentication, providing user name and password.
    None No authentication between the firewall and the web servers.
    Note Even if your web servers do not support authentication, users will be authenticated through the frontend mode.
  6. Specify additional authentication forwarding settings.
    OptionDescription
    Username affix For basic authentication, type of affix to be added automatically to the user name. Affixes are useful when working with domains and email addresses.
    Note Prefix and suffix will be added if users enter a user name only.
    Remove basic header For no authentication, do not send the basic header from the firewall to the web server.
  7. Optional For form-based authentication, specify user session settings.
    OptionDescription
    Session timeout If no activity is detected within the specified interval, force the user to log on again.
    Session lifetime Limit the time users may remain logged on to the specified interval, regardless of the activity.
  8. Select Save.