This is correct. In 14.0 SSL Orchestrator merges into the Access engine, so SWG functions become native as part of the SSLO per-request (service) policy.
But also important, authentication is not specifically a function of SWG. Auth is handled by APM. You would then use SWG to perform URL filtering and malware detection in the per-request policy. So in SSLO, you'd separate the two:
- Create an SWG-Explicit access profile to define user authentication (NTLM, Kerberos, Basic...).
- In SSLO, define Deployment Settings, forward proxy SSL settings, Services, a default service policy, and install the "default outbound rules" to specify an explicit forward proxy.
- After creating the default outbound rules, you'll see an interception rule with the "-xp" ending. Edit this interception rule and attach the SWG-Explicit access policy.
- Your configuration is essentially done here, and you'll be authenticating forward proxy traffic. You can then optionally go into the created service policy visual policy and make any needed modifications to do additional URL filtering.