in your access rule you are comparing the Server AUTH_USER variable to the SecurityAssist_UserID session variable
set the access rule up as:
Allow IF
Variable: click the plus button and select the SecurityAssist_UserID session variable
comparison: !=
value: leave this blank, do not enter anything.