NxFilter Tutorial
Tutorial Index

NxFilter and authentication
NxFilter provides several user authentication methods including single sign-on (SSO) with Active Directory.

Why authentication
When you install NxFilter for the first time, you only have one policy and it applies to everybody in your network. However, what if you are working for a school as a systems administrator and you want to apply a different policy based on user and group? You may want to apply a stricter policy to your students and a bit lenient policy to the teachers and staffs. So, you need to differentiate users. That's when you need to enable authentication.

Which authentication
NxFilter supports several ways of authentication. You can choose one of them or mix and match some of them.

1. IP based authentication
This is the simplest form of authentication. When you use static IP addresses in your network, this might be the best choice. Associate IPs or IP ranges to a user that you created on NxFilter GUI.

You need to enable authentication on 'Config > Setup' before you use IP based authentication.

2. Password based authentication
When you enable authentication, NxFilter forwards any unauthenticated user to its login page unless they have IP address associations. They can go through the login page with their passwords you set on 'User > User'.

3. LDAP based authentication
If you import users from an OpenLDAP or an Active Directory, they will be able to use their LDAP credentials on NxFilter's login page.

4. Login token based authentication
Login Token is a character string for remote filtering agent identification. It is created for each user when you create or import users.

5. Single sign-on against Active Directory
Single sign-on (SSO) is about filtering users transparently. NxFilter supports Active Directory integration. Once you implement it, when your users login to their PCs, they also login to NxFilter transparently. And you will see the DNS request log data of your users with their AD usernames.

6. Single sign-on without Active Directory
You can have single sign-on without Active Directory. CxLogon works without Active Directory and you can implement SSO by 802.1x WiFi authentication for smartphones and tablets. You can write a custom login script for SSO as well.