Authentication precedence
NxFilter supports multiple authentication methods at the same time and applies them in a sequential order.
How it works
Because NxFilter supports multiple authentication methods, these methods can collide.
For example, what if a user with an associated IP also falls into an IP range that
is associated with a different user? Or what if a user who logged in through NxFilter's login page is in an IP range that is associated
with another user? To address this issue, we have a sequential order for the authentication methods.
This is the order of authentication methods.
1. Single IP association
Single IP association comes first so that you can exclude some systems from IP range association.
2. IP session
An IP session is a login session created and maintained on NxFilter by its single sign-on agent
or login page. This comes second.
3. IP range association
When you need to allow anonymous users to access the internet without any login process,
associate an IP range covering the whole network with your default user. You can still exclude
a user from the IP range with a single IP association or by creating a login session, so the IP range
association comes last.
We have a 'Most specific IP range comes first' rule for ordering IP range users. If there
are overlapping IP ranges, the smaller IP range is applied before the others.
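The following sketch models the precedence described above so you can check which user a given client IP would resolve to. It is an added example, not NxFilter's own code: the data structures, function names, addresses and user names are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: every address and user name here is illustrative.
SINGLE_IPS = {"192.168.0.10": "printer"}                     # 1. single IP association
SESSIONS = {"192.168.0.10": "bob", "192.168.0.20": "alice"}  # 2. login page / SSO sessions
RANGES = [                                                   # 3. (start, end, user)
    ("192.168.0.0", "192.168.255.255", "default"),
    ("192.168.0.16", "192.168.0.31", "lab"),
]

def matching_ranges(ip, ranges):
    """Yield (size, user) for every range that contains ip."""
    for start, end, user in ranges:
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        # Addresses of different IP versions cannot be compared, so skip them.
        if lo.version == hi.version == ip.version and lo <= ip <= hi:
            yield int(hi) - int(lo) + 1, user

def resolve_user(client_ip, single_ips=SINGLE_IPS, sessions=SESSIONS, ranges=RANGES):
    """Return (user, method) for client_ip, or (None, None) when nothing matches."""
    ip = ipaddress.ip_address(client_ip)
    key = str(ip)  # normalised text form used as the lookup key
    if key in single_ips:
        return single_ips[key], "single_ip"
    if key in sessions:
        return sessions[key], "ip_session"
    candidates = list(matching_ranges(ip, ranges))
    if candidates:
        # 'Most specific IP range comes first': the smallest containing range wins.
        return min(candidates, key=lambda c: c[0])[1], "ip_range"
    return None, None

if __name__ == "__main__":
    for addr in ("192.168.0.10", "192.168.0.20", "192.168.0.25", "192.168.7.7", "10.0.0.1"):
        print(addr, resolve_user(addr))
```

In this model 192.168.0.10 resolves to the single IP user even though a login session exists for the same address, which is the collision the ordering is meant to settle.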