Authentication Backends
Once the user provides his credentials to Captive Portal these credentials need to be verified by actual authentication backend. Currently the following verification methods can be used.
The following sections briefly describe each authentication backend.
Not Used / Start Browsing
Captive Portal authentication backend is not used. The connecting user is only required to click the Start Browsing button on the captive portal welcome page. The IP address of the connecting user is re-used as his user name.
This type of the authentication backend could for example be used to let the user view Terms and Conditions of your proxy before browsing session. To customize the page the user sees at the time of authentication, edit the /opt/websafety-ui/var/console/portal/templates/portal/accept.html
page.
Local User Database
User names and passwords to be used in Captive Portal come from Local Users list. Please note, only the list of users need to be configured. Do not enable the Local User Database authentication itself as it cannot be used together with Captive Portal.
To customize the page the user sees at the time of authentication, edit the /opt/websafety-ui/var/console/portal/templates/portal/local_users.html
page.
Active Directory / LDAP
Verify submitted user names and passwords by performing a LDAP bind to the Active Directory domain controller. Please note, you also need to configure the Active Directory integration. Once again, do not enable Kerberos, NTLM, Basic LDAP explicit proxy authenticators as these are not compatible with Captive Portal.
To customize the page the user sees at the time of authentication, edit the /opt/websafety-ui/var/console/portal/templates/portal/active_directory.html
page.
Azure Active Directory / Microsoft Entra
Require users to authenticate to your Microsoft Azure Active Directory tenant, for example, using yourcompany.onmicrosoft.com
accounts. In this case Captive Portal would redirect the unauthenticated users to Azure Active Directory login page.
To customize the page the user sees at the time of authentication, edit the /opt/websafety-ui/var/console/portal/templates/portal/azure_ad.html
page.
Note
In order to use this option your must first provision the Captive Portal application in your Azure Active Directory tenant and then configure Azure Active Directory integration settings. For more information and detailed guidance, see Azure Active Directory integration tutorial.
Google OAuth
Require users to authenticate to your Google Workspace (G Suite) deployment. In this case Captive Portal would redirect the unauthenticated users to Google Authentication login page.
To customize the page the user sees at the time of authentication, edit the /opt/websafety-ui/var/console/portal/templates/portal/google_oauth.html
page.
Note
In order to use this option your must first provision the Captive Portal application in your Google Workspace and then configure integration settings. For more information and detailed guidance, see Google integration tutorial.