WebTitan

Active Directory and User Identification

WebTitan Cloud can assign custom policies to a user or groups of users. To do this, WebTitan Cloud must first be configured to identify users by their username. This is done by installing DNS Proxy and WebTitan Active Directory Agent (WADA) on your network.

Once installed, here is the general workflow for user identification using WADA and DNS Proxy:


1. During DNS Proxy configuration, you import your users and groups from Active Directory.

2. Users and groups will then be securely transmitted to WebTitan Cloud. In return, DNS Proxy will receive a unique user ID for each user.

3. Once installed on your Active Directory server (or on another domain controller), WADA discovers who is logged on and where.

4. Discovered user-IP mappings are continuously transmitted to DNS Proxy.

5. Upon receipt of a DNS query, DNS Proxy checks to see if it has a user associated with the source IP address of the query. If found, the WebTitan Cloud user ID for that user will be appended to the query as metadata along with the internal source IP address. If a user is not found, the internal IP address metadata is still sent.

Important

Only an internal WebTitan Cloud ID is sent as part of the metadata with each DNS request. Active Directory usernames are not transmitted.

6. Requests containing metadata will then be forwarded to WebTitan Cloud where they will be logged with user identification.
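
The lookup-and-tag rule in step 5, modeled as an added example that is not WebTitan code. The page does not describe the wire format, so this example assumes the metadata travels as EDNS0 options in the local/experimental code range (RFC 6891), with hypothetical option codes, a 32-bit numeric user ID, and constructed sample mappings.

```python
import ipaddress
import struct

# Assumed carrier: EDNS0 options in the local/experimental range (RFC 6891).
# These codes are hypothetical; the page does not state the real wire format.
OPT_USER_ID = 65001
OPT_SOURCE_IP = 65002

# Constructed sample state held by the proxy.
IP_TO_USER = {"10.0.5.21": "CORP\\alice"}   # user-IP mappings from WADA
USER_TO_CLOUD_ID = {"CORP\\alice": 48213}   # IDs returned by WebTitan Cloud


def build_metadata(source_ip, ip_to_user=IP_TO_USER, cloud_ids=USER_TO_CLOUD_ID):
    """Encode the metadata attached to one query as EDNS0 option TLVs."""
    options = []
    username = ip_to_user.get(source_ip)
    cloud_id = cloud_ids.get(username) if username is not None else None
    if cloud_id is not None:
        # Only the opaque numeric ID is encoded, never the AD username.
        options.append((OPT_USER_ID, struct.pack("!I", cloud_id)))
    # The internal source IP is sent whether or not a user was found.
    options.append((OPT_SOURCE_IP, ipaddress.ip_address(source_ip).packed))
    return b"".join(struct.pack("!HH", code, len(data)) + data
                    for code, data in options)


def parse_metadata(blob):
    """Decode option TLVs into {'user_id': int or None, 'source_ip': str or None}."""
    result = {"user_id": None, "source_ip": None}
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", blob, offset)
        offset += 4
        data = blob[offset:offset + length]
        if len(data) != length:
            raise ValueError("truncated option data")
        offset += length
        if code == OPT_USER_ID and length == 4:
            result["user_id"] = struct.unpack("!I", data)[0]
        elif code == OPT_SOURCE_IP:
            result["source_ip"] = str(ipaddress.ip_address(data))
    return result


if __name__ == "__main__":
    for ip in ("10.0.5.21", "10.0.5.99"):
        print(ip, parse_metadata(build_metadata(ip)))
```

Decoding the bytes for a mapped and an unmapped address shows what a reviewer of outbound DNS traffic should expect under these assumptions: an opaque ID plus the internal IP in the first case, the internal IP alone in the second.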

See DNS Proxy & WADA Install and Setup Guide.