What is Authentication?

Authentication is required for user resolution. Authentication is a process in which the credentials provided are compared to those on file in a database of authorized users’ information on a local operating system or within an authentication server (For example, logging into your Google account.) If the credentials match, the process is completed and the user is granted authorization for access.

Authentication is both a method and a source. This document will discuss authentication as a method. To learn about Authentication Sources, click here.

What is the Purpose of Authentication?

User resolution through authentication supplies the Web Filter with the user credentials in order to provide the end user with the proper policy assignment and reporting. The User Agent is often the most accurate (especially in environments where a single device might have multiple IPs) and the most seamless for the user (avoiding the need for web authentication) method of user resolution. Agent-less user resolution can inaccurately report tracking when a device has multiple or changing IPs (the Rocket only knows the IP that was in use when the user logged in).

Once a user has authenticated, either automatically through the User Agent, or manually from a captive portal, access page, or RADIUS, the web filter can use Rule Sets and Assignments to determine whether to allow or block web content.

Note: If a user is not associated with a specific rule set, the Web Filter uses the Default web filter rule set.

Why does Authentication Matter?

Authentication plays a key role in Web Filter reporting and user management. Users that are not authenticated may not get the right policies. In addition, web traffic from unauthenticated users makes many Web Filter reports difficult to read, as the web traffic is not directly associated with a unique username or IP address.

Authentication Methods

Here are the four primary methods of User Resolution. These methods can be combined in various ways to create the solution that best fits your school district’s needs. (All of our authentication methods will integrate with the school district’s Active Directory, Open Directory, eDirectory, LDAP or local users database. Multi-directory environments are also fully supported.)

Authentication Method by Device

The following table identifies which method of user resolution you should use with each unique device.

Device Recommended Method
Mac Laptops/Desktops Mac User Agent
PC Laptops/Desktops Captive Portal, RADIUS
Chromebooks ChromeOS Extension Agent
Android Devices Captive Portal, RADIUS
iOS Devices RADIUS, Captive Portal
Windows Devices PCUA (WF v2.x), LMA (WF v3.x), Captive Portal, RADIUS

Authentication Methods Pro/Con

Web Authentication/Captive Portal

Works with any device with a web browser

User Agents

Domain Controller Agent

Available for Active Directory–based networks

RADIUS

Available for any device that connects to an authenticated (802.1X/NAC) network

Additional Resources

Please refer to our User Identification Explained whitepaper for an in-depth explanation of authentication and user resolution.