In some cases, the User-ID agent can’t map an IP address
to a username using server monitoring or other methods—for example,
if the user isn’t logged in or uses an operating system such as
Linux that your domain servers don’t support. In other cases, you
might want users to authenticate when accessing sensitive applications regardless
of which methods the User-ID agent uses to perform user mapping.
For all these cases, you can configure Configure
Authentication Policy and Map
IP Addresses to Usernames Using Authentication Portal. Any
web traffic (HTTP or HTTPS) that matches an Authentication policy
rule prompts the user to authenticate through Authentication Portal.
You can use the following Authentication
Portal Authentication Methods:
Browser challenge—Use Kerberos single
sign-on if you want to reduce the number of login prompts that users
must respond to.