Abstract: In various embodiments, techniques can be provided for identifying a user or group of users who initiated network traffic. The user or group of users may be identified as an employee who can be found in corporate or organizational directory. In some embodiments, different authentication mechanisms may be used for various types of network traffic. For example, by proxying instant messaging (IM) communications, a proxy server can know which users are associated with what network traffic. In another example, transparent and non-transparent mechanisms may be provided to authenticate HTTP URL traffic. For other types of traffic, such as non-proxied IM, P2P, and spyware, an existing authentication cache or credential cache may be used to identify the user who generated the traffic.