To configure Windows Active Directory authentication
Click Add Domain or the Configure icon for the domain to edit. The Add Domain or Edit Domain window is displayed. If adding the domain, select Active Directory from the Authentication type drop-down menu. The Active Directory configuration fields are displayed.
Optionally select Enable client certificate enforcement to require the use of client certificates for login. By checking this box, you require the client to present a client certificate for strong mutual authentication. Two additional fields appear:
Select Auto-assign groups at login to assign users to a group when they log in.
Users logging into Active Directory domains are automatically assigned in real time to Secure Mobile Access groups based on their external AD group memberships. If a user’s external group membership has changed, their Secure Mobile Access group membership automatically changes to match the external group membership.
Optionally, select One-time passwords to enable the One Time Password feature. A drop-down menu appears, in which you can select User discretion, Use E-mail, or Use Mobile App. These are defined as:
If you selected if configured or required for all users in the One-time passwords drop-down menu, the Active Directory AD e-mail attribute drop-down menu appears, in which you can select mail, mobile, pager, userPrincipalName, or custom. These are defined as:
If you select using domain name, an E-mail domain field appears following the drop-down menu. Type in the domain name where one-time password emails are sent (for example, abc.com).
Select the type of user from the User Type drop-down menu. All users logging in through this domain are treated as this user type. The choices depend on user types defined already. Some possible choices are:
External Administrator – Users logging into this domain are treated as administrators, with local Secure Mobile Access admin credentials. These users are presented with the admin login page.
This option allows the Secure Mobile Access administrator to configure a domain that grants Secure Mobile Access admin privileges to all users logging into that domain.
SonicWall Inc. recommends adding filters that allow administrative access only to those users who are in the correct group. You can do so by editing the domain on the Users > Local Groups page.