Starting with version 3.2, the ProxyClient enables you to use specific Web filtering policies for users and domain groups. These users and domain groups are validated against the user’s cached login credentials on the ProxyClient computer. In other words, ProxyClient uses credentials for the authentication realm configured for the domain to which the computer connects. You can specify users and domain groups can be specified from any authentication realm (LDAP, Novell SSO, IWA, and so on).
A separate but related feature introduced in ProxyClient 3.2 affects how the WebPulse cloud service is accessed through a proxy server. Integrated Windows Authentication (IWA) is supported for proxy servers. If your proxy server uses IWA authentication, or if it uses no authentication, clients can perform Web filtering.
IWA authentication to the proxy server is transparent to ProxyClient users. If a proxy server is required for Internet access, the IWA credentials are used to contact the WebPulse cloud service to get a rating for a URL request made from the ProxyClient computer.
If the proxy server uses another type of authentication (such as Basic authentication), the ProxyClient will not communicate with the Client Manager, and WebPulse will be unavailable (that is, the configured Unavailable policy action is applied).