NxFilter Tutorial
NxFilter and authentication
NxFilter provides several user authentication methods including single sign-on (SSO) with Active Directory.

Why authentication
When you install NxFilter for the first time, you only have one policy and it applies to everybody in your network. However, what if you are working for a school as a systems administrator and you want to apply a different policy based on user and group? You may want to apply a stricter policy to your students and a bit lenient policy to the teachers and staffs. So, you need to differentiate users. That's when you need to enable user authentication.

Which authentication
NxFilter supports several ways of authentication. You can choose one of them or mix and match some of them to complement each other.

1. IP based authentication

This is the simplest form of authentication. When you use static IP addresses in your network, this might be the best choice. Associate IPs or IP ranges to a user that you created on NxFilter GUI.

You need to enable authentication on 'System > Setup' before you use IP based authentication.

2. Password based authentication

When you enable authentication, NxFilter forwards any unauthenticated user to its login page unless they have IP address associations. You can set password for each user on 'User > User > EDIT'. When you import users from Active Directory, your users can use their AD credentials on NxFilter's login page.

3. Login token based authentication

Login Token is a character string for remote filtering agent identification. It is created for each user when you create or import users.

4. Single sign-on against Active Directory

We provide several single sign-on agents you can use in Active Directory environment. With these agents, when your users login to their PCs, they also login to NxFilter transparently. And you will see the DNS request log data of your users with their AD usernames.

5. Single sign-on without Active Directory

You can have single sign-on without Active Directory. CxLogon that is one of single sign-on agent for NxFilter works without Active Directory. You also can implement SSO by 802.1X Wi-Fi authentication for smartphones and tablets. You can write a custom login script for SSO if you want.