Security policies enable traffic to flow between networks. If you want to limit which users have access to particular resources, you create identity-based policies (IBP) that allow access only to members of specific user groups. Authentication, a request for username and password, is triggered when a user attempts to access a resource for which data must pass through an identity-based policy.

The user’s authentication expires if the connection is idle for too long, 5 minutes by default but that can customized.

Identity-based policies are the mechanism for FSSO, NTLM, certificate based, and RADIUS SSO authentication.