How to Assign Explicit Web Proxy Policies to Active Directory Users Synced with the CE appliance?

The Crystal Eye appliance can be integrated with a Microsoft Active Directory server to assign CE web proxy policies to AD users.

This feature allows Crystal Eye administrators to assign authentication-based explicit web proxy policies to AD users. As a result, when users open a browser on a device in the Crystal Eye network, they are prompted to authenticate with their AD user credentials. The web proxy policy is assigned to the user once the username and password have been entered.

In the use case discussed below, we will create users in the Microsoft Active Directory server, add them to the web_proxy_plugin group, and then change the Authentication mode to Explicit Proxy + User Authentication + NTLM. We will also sync/pair the Active Directory server with the Crystal Eye appliance. This activates the relevant web proxy policies created for the AD users integrated with the Crystal Eye appliance.

Step 1: In the Active Directory server GUI, click the users icon in the top panel.

Step 2: You will now see the New Object – User popup.

Step 3: Now enter the user details in the respective textboxes in the popup and click the Next button.

Step 4: Now you will be asked to enter the password in the relevant textboxes. Click the Next button.

Step 5: You will now see the created user listed with the other users.

Step 6: Create a user group and name it web_proxy_plugin and then double click it.

Step 7: You will now see the web proxy plugin properties popup. Click the Members tab.

Step 8: Now click the Add button at the bottom of the popup.

Step 9: You will now see the Select Users, Contacts, Computers, Service Accounts or Groups popup.

Step 10: Type in the initial name of the user, select the user name and then click the OK button.

You have successfully created AD users and added them to the web_proxy_plugin group. Now we will sync the AD server users and group with the Crystal Eye appliance.
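Steps 1 to 10 can also be scripted on the domain controller. The following is an added example, not part of the original Crystal Eye guide: it assumes the ActiveDirectory PowerShell module is installed and the session has rights to create users and groups. The user details (John Doe, jdoe) are hypothetical, and the Global/Security group type is an assumption, since the guide does not state one. It also prints the Netbios Domain, Windows Domain, and Domain Controller FQDN and IP that the Active Directory Authentication page asks for in the steps that follow.

```powershell
# Added example; the user details below are hypothetical placeholders.
Import-Module ActiveDirectory

$Sam   = 'jdoe'               # hypothetical logon name
$Group = 'web_proxy_plugin'   # group name used in Step 6 of this guide

# Prompt for the password so it is never stored in the script or shell history.
$Password = Read-Host -AsSecureString "Initial password for $Sam"

# Steps 1-5: create the user only if it does not already exist.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$Sam'")) {
    New-ADUser -Name 'John Doe' -GivenName 'John' -Surname 'Doe' `
        -SamAccountName $Sam -AccountPassword $Password -Enabled $true
}

# Step 6: create the group if it is missing.
# Assumption: a Global security group; the guide does not specify scope or type.
if (-not (Get-ADGroup -Filter "Name -eq '$Group'")) {
    New-ADGroup -Name $Group -GroupScope Global -GroupCategory Security
}

# Steps 7-10: add the user to the group unless it is already a member.
$members = Get-ADGroupMember -Identity $Group |
    Select-Object -ExpandProperty SamAccountName
if ($members -notcontains $Sam) {
    Add-ADGroupMember -Identity $Group -Members $Sam
}

# Review the membership: only accounts that should receive the
# authenticated web proxy policy belong in this group.
Get-ADGroupMember -Identity $Group |
    Select-Object Name, SamAccountName, objectClass

# Values requested on the Active Directory Authentication page.
$domain = Get-ADDomain
$dc     = Get-ADDomainController
[pscustomobject]@{
    NetbiosDomain        = $domain.NetBIOSName
    WindowsDomain        = $domain.DNSRoot
    DomainControllerFQDN = $dc.HostName
    DomainControllerIP   = $dc.IPv4Address
} | Format-List
```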

Step 11: Go to System Configuration > Active Directory Authentication

Step 12: You will now see the Active Directory Authentication page. Click the Enable button.

Step 13: After the Active Directory application is enabled, the app status changes to “Active Directory Authentication is Enabled”. Enter the Netbios Domain in the textbox under the Active Directory Settings section.

Note: To find the Netbios Domain, go to Active Directory Users and Computers. You will find the Windows Domain in the left pane. Right-click it and select Properties. The Properties popup will appear. The Netbios domain is shown in the Domain name (pre-Windows 2000) textbox (refer to the screenshot below).

Step 14: Enter the Windows Domain in the textbox.

Note: To find the Windows Domain, go to Control Panel > System & Security > System. You will then see the Windows Domain (refer to the screenshot below).

Step 15: Enter the Domain Controller FQDN in the textbox.

Step 16: Enter the Domain Controller FQDN in the textbox.

Note: To find the Domain Controller IP, click All Servers in the left pane. You will find the Domain Controller IP address under the Servers section.

Step 17: Enter the Username and Password in the textbox and click the Save button.

Step 18: You will now see the connection status message. Click the Active Directory Authentication button.

Note: You will now be able to see the AD user that you created in the Users application of CE.

Step 19: Go to Network Control > Web Proxy Server > App Policies Section and click the Edit Members button. Verify that the AD User you created is visible here and click the Cancel button.

Step 20: Click the Edit button in the Authentication section of the Web Proxy Server application.

Step 21: Select Explicit Proxy + User Authentication + NTLM from the Authentication dropdown and click the Update button.

Note: You will now see the User Authentication and NTLM Mode Enabled in the Authentication section.

Step 22: The AD users synced with the Crystal Eye appliance and added to the web proxy group will now be prompted to enter a username and password. Enter the username and password that were assigned when the AD users were created in the AD server.

The Explicit Web Proxy policies will now be assigned to the user!