Enabling access control by user

Access control by user lets you use User and User Group elements as the source or destination of rules to create user-specific rules without user authentication.

You can use user-specific rules and user authentication rules to allow some user groups to access a service, while otherwise requiring authentication for the same service.

Note: User-specific rules do not replace user authentication. User-specific rules are a tool to simplify the configuration of access control, and improve the end-user experience by allowing transparent access to services. They are intended to be used for trusted users in a trusted environment where strong authentication is not required.

Access control by user requires the Forcepoint User ID Service, the McAfee Logon Collector, or the Integrated User ID Service for transparent user identification. The Forcepoint User ID Service, the McAfee Logon Collector, and the Integrated User ID Service monitor logon events from the Domain Controller servers and from Microsoft Exchange Servers to associate users with IP addresses. The Integrated User ID Service is primarily meant for demonstration purposes and proof-of-concept testing of user identification services.

Note: McAfee Logon Collector is only supported in Forcepoint NGFW version 5.8 or higher. For Forcepoint NGFW version 6.4 or higher, we recommend that you use the Forcepoint User ID Service.
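
The identification model described above, where logon events associate users with IP addresses and a user-specific rule sits ahead of an authentication rule for the same service, can be sketched as follows. This is an added illustration, not Forcepoint code or configuration; the rule table, group names, addresses and the one-hour mapping lifetime are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed directory data (hypothetical users and groups).
GROUPS = {"alice": {"Finance"}, "bob": {"Engineering"}}

# Hypothetical first-match rule table: a user-specific rule for one group,
# then an authentication rule for everyone else using the same service.
RULES = [
    {"source_group": "Finance", "service": "HTTPS", "action": "allow"},
    {"source_group": None, "service": "HTTPS", "action": "authenticate"},
]

@dataclass
class UserIdMap:
    """IP -> (user, logon time), as learned from monitored logon events."""
    ttl: int = 3600  # assumed mapping lifetime in seconds
    entries: dict = field(default_factory=dict)

    def logon(self, ip, user, ts):
        self.entries[ip] = (user, ts)  # the latest logon seen on an IP wins

    def lookup(self, ip, now):
        hit = self.entries.get(ip)
        if hit is None or now - hit[1] > self.ttl:
            return None  # unknown or expired: no user is associated
        return hit[0]

def evaluate(idmap, src_ip, service, now):
    """Return (action, identified_user) for a new connection."""
    user = idmap.lookup(src_ip, now)
    for rule in RULES:
        if rule["service"] != service:
            continue
        group = rule["source_group"]
        if group is None:
            return rule["action"], user
        if user and group in GROUPS.get(user, set()):
            return rule["action"], user
    return "discard", user  # no rule matched

def sample_map():
    """Constructed logon events: alice and bob log on at t=0."""
    idmap = UserIdMap()
    idmap.logon("10.0.0.5", "alice", 0)
    idmap.logon("10.0.0.6", "bob", 0)
    return idmap
```

The decision is keyed on the source IP address, not on proof of identity: any connection from 10.0.0.5 while the mapping is live is treated as alice, which is why user-specific rules are intended only for trusted users in a trusted environment.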