What applies a security group tag to an authenticating RADIUS user or endpoint?

Dynamic classification is the process that applies a security group tag (SGT) to an authenticating RADIUS user or endpoint based on the context of their authentication. When a device connects to the network, it initiates an authentication process managed by RADIUS. During this process, the identity of the user or device is verified. Based on this identity and other contextual information, such as time of day, location, or device type, dynamic classification allows the system to assign an appropriate SGT for that user or endpoint.

This mechanism is vital for enforcing security policies in a more granular way, ensuring that access control can be adjusted dynamically based on the context. It enhances security by enabling decisions based on real-time information rather than static configurations.

In contrast, static mappings, like IP address-to-SGT or VLAN-to-SGT mappings, involve predefined configurations that do not change according to the current authentication context. SXP propagation relates to the transfer of SGTs between devices but does not pertain to the initial assignment based on user authentication. Dynamic classification stands out as a flexible, context-aware method for tagging users and endpoints based on their authentication and network role.