The authentication policy is a combination of rules that are to be matched and their corresponding actions. The rules can be configured to match for client IP, host header, or path match.

Configuring Authentication Rule screen

  1. In the AUTHENTICATION RULE screen, click Add.

  2. Navigate to Authentication > Authentication Rules.

  3. Click Add.

  4. In the Authentication Rule screen, enter Name of the rule.

  5. Ensure the option Enable Rule is toggled on to apply the rule.

  6. Click Add and select the required option as the Match criterion.

    1. Client IP Address

    2. Path

    3. Host Header

Criteria

Description

Configuration

Client IP Address

The client IP address of incoming requests will be matched with the rules configured. If a match is found for the client IP, the corresponding rule gets executed.

  1. Select one from the options:

  • Is In: The client IP address is a part of the specified IP Address group.

  • Is Not In: The client IP address is not a part of the specified IP Address group.

The client IP match can be the client IP address, address range, IP prefixes, or an IP group.

2. Click Select from Available and select the IP group from the drop-down menu available

or

Select Enter Custom Value and manually enter the IP Address.

Add Host Header

The host header is matched from the configured list of the host header values. Host header can be configured to be case sensitive aware.

1. Select a Match Criteria from the drop down list. For example, Begins with.

2. Enter a string value to match with the criterion defined, for example, abc.

Path

The path match is matched based on the string group or list of the string values of the path. The path match can be configured to be case sensitive aware.

1. Select a Match Criteria from the drop down list. For example, Begins with.

2. Click Select from Available and select the string group from the drop-down menu.

Or

Select Enter Custom Value and manually enter the String Group.
The AUTHENTICATION RULE screen is as shown below:


7. Configure the Action to be executed. Currently the following two actions are supported:

Skip Authentication

To skip authentication if any one of the rules is matched

Default Authentication

To use SAML authentication if any one of the rules is matched.

8. Click Save.

Viewing the Authentication Rule

From the SSO policy, click the arrow against the required rule.



The rule configuration is displayed as shown below: