To enforce user- and group-based policies, the firewall must
be able to map the IP addresses in the packets it receives to usernames.
User-ID provides many mechanisms to collect this
User Mapping information.
For example, the User-ID agent monitors server logs for login events
and listens for syslog messages from authenticating services. To
identify mappings for IP addresses that the agent didn’t map, you
can configure
Authentication Policy to redirect HTTP requests to a Captive Portal login. You can
tailor the user mapping mechanisms to suit your environment, and even
use different mechanisms at different sites to ensure that you are
safely enabling access to applications for all users, in all locations,
all the time.