Some authentication methods reliably detect when a user begins browsing, but struggle to detect when they have stopped.
Because of this, a new user may browse as if they were the original user until the timeout is reached. This can cause:
- The Web Filter logs to misidentify activity.
- On-Premise Appliance to treat users as part of the wrong User Group or as Default Users.
You should follow these recommendations:
- Redirect users to SSL or non-SSL Login Page: Provide a sign-out link, so users can manually sign out before handing the device to another user.
- Use other Indirect proxy authentication/identification methods with caution. Carefully consider which devices and networks use these methods. You can continue to use them as backup methods for External authentication.
- For Kerberos Authentication Scripts, the low timeout value, automated refresh and script running at sign-in make misidentification unlikely. If you use scripts with a redirect method and still see issues, contact Smoothwall Support.
For IDex Agent, there is no timeout value, so we recommend you:
- Configure the authentication service to erase IDex sign-ins daily from the hidden URL: HTTPS://smoothwall.ip:441/admin/hbd/
- Instruct users to explicitly log out whenever another user may use the device or when they switch devices. Ensure that the most recent login matches the current “active” user on that device.