8.3. Authorizing the Workforce

After you authenticate your users and receive a basic yes or no, pass or fail, on their credentials, what do you do? You're ready to authorize the workforce. Although you did just authenticate them, authorization allows you to take that information to the next level.

Pop quiz: Authentication

Now it is time to determine what source I can use for user authentication:

  • What authentication servers are at my disposal?

  • What portion of my user population does the authentication server cover?

  • Will I be missing any users?

  • Does a central authentication server, which I can leverage for NAC, tie everything together?

  • Can I add the extra authentication load to the authentication server?

With authorization added to authentication, you can take the authenticated user name that you receive, as well as the authorized group membership info for that user, and create differentiated access based on user identity.

For example, say that Bob connects to the network and types in his password. The agent sends his credentials to the policy engine, which verifies them against the Active Directory. The Active Directory confirms that his credentials are valid. But, so far, all you know is that the request gave Bob's correct password. Authorization allows you to dig deeper so that you can find out more about Bob.
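As an added illustration (not code from the book), the sketch below shows the authorization step a policy engine could run after Active Directory confirms Bob's password: it reads his group memberships and maps them to differentiated access. The group names, role names, VLAN IDs and example.com directory entries are constructed assumptions.

```python
import re

# Constructed policy: ordered rules, first match wins, so a user in several
# groups gets the most specific role listed first. All names are assumptions.
POLICY = [
    ("network-admins", {"role": "admin", "vlan": 10}),
    ("engineering", {"role": "engineering", "vlan": 20}),
    ("contractors", {"role": "contractor", "vlan": 30}),
]
DEFAULT = {"role": "restricted", "vlan": 99}  # authenticated, no known group
DENY = {"role": "deny", "vlan": None}         # authentication failed

# Constructed sample: group DNs as a directory returns them in memberOf.
BOB_MEMBER_OF = [
    "CN=Contractors,OU=Groups,DC=example,DC=com",
    "CN=Engineering,OU=Groups,DC=example,DC=com",
]

def group_cn(dn):
    """Return the lower-cased CN of a group DN, or None if it has no CN."""
    # Split on the first comma that is not backslash-escaped, so a group
    # named "Ops, East" (stored as "Ops\, East") is not cut in half.
    first_rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0].strip()
    attr, _, value = first_rdn.partition("=")
    if attr.strip().lower() != "cn" or not value:
        return None
    return value.replace("\\,", ",").strip().lower()

def authorize(authenticated, member_of):
    """Turn a pass/fail result plus group DNs into an access decision."""
    if not authenticated:
        return DENY  # a failed login is never authorized, whatever the groups
    groups = {group_cn(dn) for dn in member_of}
    for group, access in POLICY:
        if group in groups:
            return access
    return DEFAULT  # valid credentials alone earn only restricted access

if __name__ == "__main__":
    print("Bob:", authorize(True, BOB_MEMBER_OF))
    print("Unknown group:", authorize(True, ["CN=Guests,DC=example,DC=com"]))
    print("Bad password:", authorize(False, BOB_MEMBER_OF))
```

Matching on the CN alone keeps the sketch short; a real policy should match the full distinguished name or the group's SID, because the same CN can exist in more than one OU.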

If only authentication existed, everyone would end up on the same network with the same ...
