Technical Documentation

Download PDFs
Configuring Secure Access Sign-In Policies (NSM Procedure)

Configuring Secure Access Sign-In Policies (NSM Procedure)

You can create sign-in policies to define URLs that you can use to access the Secure Access device. There are two types of sign-in policies—one for users and one for administrators. When configuring sign-in policies, you must associate realms, sign-in pages, and URLs.

To configure sign-in policies, you must follow these procedures:

Creating Authorization-Only Policies

The authorization-only policy is similar to a reverse proxy. Typically, a reverse proxy is a proxy server that is installed in front of the Web Servers.

With an authorization-only policy, you select a user role. The device acts as a reverse proxy server and performs authorization against the Netegrity SiteMinder server for each request.

To configure an authorization-only policy:

In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure an authorization-only policy.
Click the Configuration tab, and select Authentication > Signing In > Sign-in Policies > Authorization-Only Policies. The corresponding workspace appears.
Add or modify settings on the authorization-only policy as specified in Table 1.
Click one:
- OK—Saves the changes.
- Cancel—Cancels the modifications.

Table 1: Authorization-Only Policy Configuration Details

Option	Function	Your Action
Virtual Hostname	Accesses the backend application and sends the request to the original requesting Web browser.	Enter a valid name that maps to the device’s IP address. Note: The name must be unique among all the virtual hostnames used in pass-through proxy’s hostname mode. Also, do not include the protocol (for example, http:) in this option.
Backend URL	Allows the client to redirect to this URL. The request from the virtual hostname gets transformed as a request to this URL.	Enter a valid URL for the remote server. Note: You must specify the protocol, hostname, and port of the server. For example, enter http://www.mydomain.com:8080/*.
Description	Specifies the description of the policy.	Enter a description for the policy.
Authorization Server	Specifies the Netegrity SiteMinder server that manages user authentication and access.	Select the corresponding Netegrity SiteMinder server.
Role Option	Specifies the user role.	Select one of the user role options. Note: Only the following user role options are applicable for authorization-only policies. Allow browsing un-trusted SSL (Users > User Roles > RoleName > Web > Options ). HTTP connection timeout (Users > User Roles > RoleName > Web > Options). Source IP restrictions (Users > User Roles > RoleName > General > Restrictions). Browser restrictions (Users > User Roles > RoleName > General > Restrictions).
Enable	Enables or disables the individual policy.	Select Authorization-Only Policies > Enable to enable this option.

Creating User/Administrator URLs

To configure a user or administrator URL:

In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure a user/administrator URL.
Click the Configuration tab, and select Authentication > Signing In > Sign-in Policies > User/Administrator URLs. The corresponding workspace appears.
Add or modify settings on the user/administrator URL as specified in Table 2.
Click one:
- OK—Saves the changes.
- Cancel—Cancels the modifications.

Table 2: User/Administrator URLs Configuration Details

Option	Function	Your Action
General tab
Sign-in URL	Specifies the sign-in URL.	Enter a valid URL for the sign-in URL.
Description	Specifies the description of the user/administrator URL policy.	Enter a description for the user/administrator URL policy.
Enable	Enables or disables the individual policy.	Select User/Administrator URLs > Enable to enable this option.
Sign-in Page	Specifies the customized properties in the end-user’s welcome page such as the welcome text, help text, logo, header, and footer.	Select the sign-in page from the drop-down list.
Realm Select	Specifies the type of the realm that you want to choose.	Select the realm select from the drop-down list.
Administrator > Selected Admin Realms > Non-members	Moves the selected admin realms from non-members to members.	Select the admin realms from Non-members to Members.
User > Meeting URL	Specifies the URL that controls the sign-in page, which you can view when you sign into a meeting on the Secure Access device.	Select the meeting URL from the drop-down list.
User > Selected User Realms > Non-members	Moves the selected user realms from non-members to members.	Select the user realms from Non-members to Members.

Creating Meeting URLs

To configure a meeting URL:

In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure a meeting URL.
Click the Configuration tab, and select Authentication > Signing In > Sign-in Policies > Meeting URLs. The corresponding workspace appears.
Add or modify settings on the meeting URL as specified in Table 3.
Click one:
- OK—Saves the changes.
- Cancel—Cancels the modifications.

Table 3: Meeting URLs Configuration Details

Option	Function	Your Action
User Type	Specifies the type of sign-in policy.	Select the type of policy from the drop-down list (for example, enter Meeting).
Sign-in URL	Specifies the URL that you want to associate with the meeting URL policy.	Enter a valid URL. Note: Use the format <host>/<path> where<host> is the hostname of the device and <path> is any string that you enter.
Description	Describes of the meeting URL policy.	Enter a description of the meeting URL policy.
Enable	Enables or disables the individual policy.	Select Meeting URLs > Enable to enable this option.
Sign-in Page	Specifies the meeting sign-in page.	Select a meeting sign-in page from the drop-down list.