No matter which form of authentication you apply, Active Directory must first be configured and turned on. Authentication options are unavailable if Active Directory is turned off. For more information, see "Configuring Active Directory Access."

Authentication allows the appliance to perform identification on the basis of an Active Directory username, providing improved policy control and logging. Without authentication users can only be identified by IP address. As a result, appliance policy decisions and logging are based solely on IP addresses.

Use the Configuration > System > Authentication page to configure default authentication settings and create authentication profiles.

Authentication profiles can be configured to apply different types of authentication for different connection types (for example, devices and client applications that cannot be authenticated with Active Directory). To specify connection types, you must also create a connection profile using the Connection Profile Editor on the Configuration > System > Connection Profiles page.

The connection profiles that you create are then available to be referenced in authentication profiles.

Authentication profiles can also apply different types of authentication to specific destinations. For example, you may want to create an exception to the main authentication settings so that internal sites do not require authentication.