Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Secure Access Sign-In Policies (NSM Procedure)

    You can create sign-in policies to define URLs that you can use to access the Secure Access device. There are two types of sign-in policies—one for users and one for administrators. When configuring sign-in policies, you must associate realms, sign-in pages, and URLs.

    To configure sign-in policies, you must follow these procedures:

    1. Creating Authorization-Only Policies
    2. Creating User or Administrator URLs
    3. Creating Meeting URLs

    Creating Authorization-Only Policies

    The authorization-only policy is similar to a reverse proxy. Typically, a reverse proxy is a proxy server that is installed in front of the Web Servers.

    With an authorization-only policy, you select a user role. The device acts as a reverse proxy server and performs authorization against the Netegrity SiteMinder server for each request.

    To configure an authorization-only policy:

    1. In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure an authorization-only policy.
    2. Click the Configuration tab, and select Authentication > Signing In > Sign-in Policies > Authorization-Only Policies. The corresponding workspace appears.
    3. Add or modify settings on the authorization-only policy as specified in Table 1.
    4. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.

    Table 1: Authorization-Only Policy Configuration Details

    Option FunctionYour Action

    Virtual Hostname

    Accesses the backend application and sends the request to the original requesting Web browser.

    Enter a valid name that maps to the device’s IP address.

    Note: The name must be unique among all the virtual hostnames used in pass-through proxy’s hostname mode. Also, do not include the protocol (for example, http:) in this option.

    Backend URL

    Allows the client to redirect to this URL. The request from the virtual hostname gets transformed as a request to this URL.

    Enter a valid URL for the remote server.

    Note: You must specify the protocol, hostname, and port of the server. For example, enter http://www.mydomain.com:8080/*.

    Description

    Specifies the description of the policy.

    Enter a description for the policy.

    Authorization Server

    Specifies the Netegrity SiteMinder server that manages user authentication and access.

    Select the corresponding Netegrity SiteMinder server.

    Role Option

    Specifies the user role.

    Select one of the user role options.

    Note: Only the following user role options are applicable for authorization-only policies.

    • Allow browsing un-trusted SSL (Users > User Roles > RoleName > Web > Options ).
    • HTTP connection timeout (Users > User Roles > RoleName > Web > Options).
    • Source IP restrictions (Users > User Roles > RoleName > General > Restrictions).
    • Browser restrictions (Users > User Roles > RoleName > General > Restrictions).

    Enable

    Enables or disables the individual policy.

    Select Authorization-Only Policies > Enable to enable this option.

    Allow ActiveSync Traffic only

    Enables or disables only the ActiveSync requests.

    Select Allow ActiveSync Traffic only to perform a basic validation of the HTTP header to ensure the request is consistent with the ActiveSync protocol. If you select this option, only ActiveSync protocol requests can be processed. If validation fails, a message is created in the user’s event log. If you do not select this option, both ActiveSync and non-ActiveSync requests are processed.

       

    Creating User or Administrator URLs

    To configure a user or administrator URL:

    1. In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure a user/administrator URL.
    2. Click the Configuration tab, and select Authentication > Signing In > Sign-in Policies > User/Administrator URLs. The corresponding workspace appears.
    3. Add or modify settings on the user/administrator URL as specified in Table 2.
    4. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.

    Table 2: User/Administrator URLs Configuration Details

    Option FunctionYour Action
    General tab

    Sign-in URL

    Specifies the sign-in URL.

    Enter a valid URL for the sign-in URL.

    Description

    Specifies the description of the user/administrator URL policy.

    Enter a description for the user/administrator URL policy.

    Enable

    Enables or disables the individual policy.

    Select User/Administrator URLs > Enable to enable this option.

    Sign-in Page

    Specifies the customized properties in the end-user’s welcome page such as the welcome text, help text, logo, header, and footer.

    Select the sign-in page from the drop-down list.

    Realm Select

    Specifies the type of the realm that you want to choose.

    Select the realm select from the drop-down list.

    Administrator > Selected Admin Realms > Non-members

    Moves the selected admin realms from non-members to members.

    Select the admin realms from Non-members to Members.

    User > Meeting URL

    Specifies the URL that controls the sign-in page, which you can view when you sign into a meeting on the Secure Access device.

    Select the meeting URL from the drop-down list.

    User > Selected User Realms > Non-members

    Moves the selected user realms from non-members to members.

    Select the user realms from Non-members to Members.

    Creating Meeting URLs

    To configure a meeting URL:

    1. In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure a meeting URL.
    2. Click the Configuration tab, and select Authentication > Signing In > Sign-in Policies > Meeting URLs. The corresponding workspace appears.
    3. Add or modify settings on the meeting URL as specified in Table 3.
    4. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.

    Table 3: Meeting URLs Configuration Details

    Option FunctionYour Action

    User Type

    Specifies the type of sign-in policy.

    Select the type of policy from the drop-down list (for example, enter Meeting).

    Sign-in URL

    Specifies the URL that you want to associate with the meeting URL policy.

    Enter a valid URL.

    Note: Use the format <host>/<path> where<host> is the hostname of the device and <path> is any string that you enter.

    Description

    Describes of the meeting URL policy.

    Enter a description of the meeting URL policy.

    Enable

    Enables or disables the individual policy.

    Select Meeting URLs > Enable to enable this option.

    Sign-in Page

    Specifies the meeting sign-in page.

    Select a meeting sign-in page from the drop-down list.

    Published: 2013-01-03