11.3.1. Procedure – Creating a new authentication policy

Purpose: 

To create a new authentication policy, follow the steps below:

Steps: 

  1. Navigate to SSH Control > Authentication Policies, and click .

    Figure 11.5. SSH Control > Authentication Policies — Configuring authentication policies

    SSH Control > Authentication Policies — Configuring authentication policies
  2. Enter a name for the policy into the Name field.

  3. Select the authentication method used on the client-side in the Client-side gateway authentication backend field. For details on the client-side authentication settings, see Section 11.3.2, Client-side authentication settings.

  4. Select the authentication method used on the server-side in the Relayed authentication methods field. For details on the relayed authentication settings, see Section 11.3.3, Relayed authentication methods.

  5. Click .

    Note
    • The client-side authentication settings apply for authenticating the user inband (that is, within the SSH protocol) to the PSM gateway, and is independent from the gateway authentication performed on the PSM web interface. The web-based gateway authentication is an out-of-band gateway authentication method that can be required by the connection policy. For details on out-of-band gateway authentication, see Procedure 18.2.1, Configuring out-of-band gateway authentication.

      Gateway authentication on the PSM web interface can be used together with authentication policies. In an extreme setting, this would mean that the user has to perform three authentications: a client-side gateway authentication within the SSH protocol to PSM, an out-of-band gateway authentication on the PSM web interface, and a final authentication on the target server.

    • The Connection Policy will ignore the settings for server-side authentication (set under Relayed authentication methods) if a Credential Store is used in the Connection Policy.