How Explicit Proxy Identifies Users
Focus
Focus

How Explicit Proxy Identifies Users

Table of Contents

How Explicit Proxy Identifies Users

Learn how Prisma Access Explicit Proxy identifies users.
Explicit Proxy identifies users in the traffic logs dependent on how the users authenticate with the proxy, as shown in the following table.
Authentication TypeUser Identification in Traffic Logs
Users that are logged in using SAML authentication and decryptionThe username.
Users that are logged in from another proxy that uses X-Authenticated-User (XAU) headers
XAU header information.
Explicit Proxy only allows traffic from specific IP addresses to use XAU for authentication. You create an address object and specify the IP addresses where you allow XAU for authentication; then, add the address object in the Trusted Source Address field during Explicit Proxy setup.
Authenticated cross-origin resource sharing (CORS) requests
The swg-authenticated-ip-user user.
To help identify traffic that is coming from authenticated users in cases where browsers cannot send cookies or perform authentication redirection, such as CORS requests, Explicit Proxy adds the swg-authenticated-ip-user to the traffic logs.
Undecrypted traffic (if you have allowed Explicit Proxy to allow undecrypted traffic from IP addresses where users have previously authenticated)
The swg-authenticated-ip-user user.
You can specify Explicit Proxy to allow undecrypted traffic from IP addresses where users have authenticated; to do so, specify Decrypt traffic that matches existing decryption rules; for undecrypted traffic, allow traffic only from known IPs registered by authenticated users when you configure Explicit Proxy. In these configurations, Explicit Proxy adds the swg-authenticated-ip-user to the traffic logs.