Explicit Proxy identifies users in the Traffic logs dependent on how the users
authenticate with the proxy, as shown in the following table.
Authentication Type
User Identification in Traffic Logs
Users who login using SAML authentication and
decryption
The username.
Users who login from another proxy that uses
X-Authenticated-User (XAU) headers
XAU header information.
Explicit Proxy only allows traffic from specific IP addresses to
use XAU for authentication. You create an address object and
specify the IP addresses where you allow XAU for authentication;
then, add the address object in the
Some traffic comes from authenticated users whose browsers can't
send cookies or perform authentication redirection, such as CORS
requests. In such cases, Explicit Proxy adds the
swg-authenticated-ip-user
to
the Traffic logs.
Undecrypted traffic (if you have allowed Explicit Proxy to allow
undecrypted traffic from IP addresses where users have
previously authenticated)
The
swg-authenticated-ip-user
user.
You can specify Explicit Proxy to allow undecrypted traffic from
IP addresses where users have authenticated; to do so, specify
Decrypt traffic that matches existing decryption
rules; for undecrypted traffic, allow traffic only from
known IPs registered by authenticated users