NxFilter Tutorial

Authentication precedence
NxFilter supports multiple authentication methods at the same time. There's a sequential order among these authentication methods.


How it works
NxFilter supports multiple authentication methods. So, you could have a collision between these authentication methods. For example, what if a user having an associated IP also falls into an IP range which is associated to a different user? Or what if a user logged-in through NxFilter's login page is in an IP range which is associated to another user? To address this issue, we have a sequential order for the authentication methods.

This is the order of authentication methods.

1. Single IP association

Single IP association comes first so that you can exclude some systems from IP range association.

2. IP session

IP Session is a login session being created and maintained on NxFilter by its single sign-on agent or login page. This comes at second.

3. IP range association

When you need to allow anonymous users to access the internet without any login process, associate an IP range covering whole network to your default user. But, you still can exclude a user from the IP range by single IP association or creating the login session. So, the IP range association comes at the last.

We have 'Most specific IP range comes first' rule for ordering IP range users. If there are overlapped IP ranges, the smaller IP range will be applied before the others.