SMA-Specific Differences when Configuring Features in Configuration Masters
When you configure a feature in a Configuration Master, note the following differences from configuring the same feature directly on the Web Security appliance.
Feature or Page | Details |
---|---|
All features, especially new features in each release | For each feature that you configure in a Configuration Master, you must enable the feature in the Security Management appliance under Web > Utilities > Security Services Display. For more information, see Ensuring that Features are Enabled Consistently. |
Identities/Identification Profiles | |
Policies that use a Cisco Identity Services Engine (ISE) to identify users | Secure Group Tag (SGT) information is updated from the Web Security appliances approximately every five minutes. The management appliance does not communicate directly with the ISE server. To update the list of SGTs on demand, select Web > Utilities > Web Appliance Status, click a Web Security appliance that is connected to the ISE server, then click Refresh Data. Repeat as needed for other appliances. The common deployment scenario is that a company has only one ISE server (this is the whole point of ISE) that all WSAs connect to. Multiple ISE servers with different data are not supported. |
Access Policies > Edit Group | When you configure the Identities/Identification Profiles and Users option in the Policy Member Definition section, the following applies if you use external directory servers: When you search for groups on the Edit Group page, only the first 500 matching results are displayed. If you do not see the desired group, you can add it to the “Authorized Groups” list by entering it in the Directory search field and clicking the Add button. |
Access Policies > Web Reputation and Anti-Malware Settings | |
SaaS Policies | The authentication option “Prompt SaaS users who have been discovered by transparent user identification” is available only when a Web Security appliance with an authentication realm that supports transparent user identification has been added as a managed appliance. |