Create an Identity Policy and an Identity Rule
Identity policies contain identity rules to perform user authentication based on the realm and authentication method associated with the traffic. Identity rules associate sets of traffic with a realm and an authentication method: passive authentication, active authentication, or no authentication. You must fully configure the realms and authentication methods you plan to use before you can invoke them in your identity rules.
Procedure
Step 1 | On your Cisco Defense Orchestrator web interface, choose Policies > Access Control > Identity and click New Policy. |
Step 2 | Enter a Name and Description, and then click Save. |
Step 3 | To add a rule to the policy, click Add Rule, and enter a Name. |
Step 4 | Specify whether the rule is Enabled. |
Step 5 | To add the rule to an existing category, indicate where you want to Insert the rule. To add a new category, click Add Category. |
Step 6 | Choose a rule Action from the list and select the interface configured in remote access VPN as the source interface. |
Step 7 | Click Realms & Settings, and choose the new realm created for the identity rule from the Realms list. Make sure that you select the same realm that is selected for user authentication in the remote access VPN policy. |
Step 8 | Configure your preferred settings for the users in the selected realm and select other required rule options. |
Step 9 | Click Add to save the rule and then save the identity policy. |