NxFilter Tutorial
Tutorial Index

Authentication precedence
NxFilter supports multiple authentication methods at the same time. There's a sequential order among these authentication methods.


How it works
NxFilter supports multiple authentication methods. So you could have a collision between these authentication methods. For example, what if a user having an associated IP also falls into an IP range which is associated to a different user? Or what if a user passed NxFilter's login page is in an IP range which is associated to another user? To address this issue, we have a sequential order for the authentication methods.

This is the order of authentication methods.

1. Single IP association
Single IP association comes first so that you can exclude some systems from IP range association or login some users without a login prompt.

2. IP session
'IP session' is a login session being created and maintained on NxFilter by its single sign-on agent or login page. This comes at second.

3. IP range association
When you need to allow anonymous users to access the Internet without any login process, associate an IP range covering whole network to your default user. But you still can exclude a user from the IP range by single IP association or the login session. So the IP range association comes at last.

We have 'Most specific IP range comes first' rule for ordering IP range users. If there are overlapped IP ranges, the smaller IP range will be applied before the others.