• Secure Mobile Access 10.2 for the SMA 100 Series
• About This Guide
  • Organization of This Guide
  • Guide Conventions
• Virtual Office Overview
  • About Virtual Office
    • Accessing Virtual Office Resources
  • Browser Requirements
  • About Certificates
  • About the Virtual Office Web Interface
  • Logging Out of the Virtual Office
• Using Secure Mobile Access Connect Agent
  • What is the Secure Mobile Access Connect Agent?
  • Supported Operating Systems
  • Downloading and Installation
  • Setting Up the SMA Connect Agent
    • Proxy Configuration
    • Logs
    • Browser Warning
  • End Point Control (EPC)
  • PDA (Personal Device Authorization)
    • SonicWall Application
• Using Virtual Office Authentication
  • Importing Certificates
  • Using Two-Factor Authentication
    • User Prerequisites
    • RSA Two-Factor User Authentication Process
      • Logging into Virtual Office Using RSA Two-Factor Authentication
      • Creating a New PIN
      • Waiting for the Next Token
    • VASCO Two-Factor User Authentication Process
      • Logging into Virtual Office Using VASCO Two-Factor Authentication
      • Other RADIUS Server Two-Factor User Authentication Process
    • DUO Security Authentication
  • Using One-Time Passwords
    • User Prerequisites
    • Logging In with an Email One-Time Password
    • Logging In with a Mobile App Time-based One-Time Password
    • Logging In with an SMS One-Time Password
    • Generating Backup Codes
    • Configuring One-Time Password Settings for E-mail
    • Configuring One-Time Password Settings for Mobile App
    • Configuring One-Time Passwords for SMS-Capable Phones
    • Configuring One-Time Password Settings for SMS
    • Verifying User One-Time Password Configuration
  • Using NetExtender
    • Prerequisites for Windows Clients
    • Prerequisites for Linux Clients
  • Using Mobile Connect
    • Prerequisites for Apple iOS Clients
    • Prerequisites for Android Smartphone Clients
    • Prerequisites for macOS Clients
  • Using File Shares
    • Using HTML-based File Shares
    • Downloading Files and Folders using HTML5 File Share
  • Managing Bookmarks
    • Adding Bookmarks
      • RDP Bookmarks
        • Determining the Remote Computer’s Full Name or IP Address
        • Configuring Remote Desktop Access on the Remote Computer
      • VNC Bookmarks
      • Citrix Bookmarks
      • Web Bookmarks
      • Mobile Connect Bookmarks
      • FTP Bookmarks
      • SSHv2 Bookmarks
    • Editing Bookmarks
    • Removing Bookmarks
    • Using Bookmarks
      • Using Remote Desktop Bookmarks
      • Using VNC Bookmarks
      • Using Citrix Bookmarks
      • Using Web Bookmarks
      • Using Mobile Connect Bookmarks
      • Using File Share Bookmarks
      • Using FTP Bookmarks
      • Using Telnet Bookmarks
      • Using SSHv2 Bookmarks
      • Global Bookmark Single Sign-On Options
      • Per-Bookmark Single Sign-On Options
• Warranty and License Agreements
  • GNU General Public License (GPL) Source Code
  • Limited Hardware Warranty
  • End User License Agreement
• SonicWall Support
  • About This Document

Per-Bookmark Single Sign-On Options

Secure Mobile Access supports per-bookmark single sign-on for the following bookmark services:

• Terminal Services (RDP)
• Web (HTTP)
• Secure Web (HTTPS)
• File Shares (CIFS)
• File Transfer Protocol (FTP)

Per-Bookmark SSO allows users to enable or disable SSO for individual bookmarks. This flexibility in specifying login credentials is useful in the following cases:

• Users who use multiple accounts to access a variety of resources.
• Users who use two-factor authentication to log in to the Secure Mobile Access Virtual Office, but use a static password to access other resources.
• Users who need to access servers that require a domain prefix.

To configure per-bookmark SSO

1. Before enabling SSO on an individual bookmark, you must first enable SSO globally as described in Global Bookmark Single Sign-On Options.
2. On the Virtual Office page, click +.
3. Select one of the service types that supports per-bookmark SSO: Terminal Services (RDP), Secure Web (HTTPS), File Shares (CIFS), or File Transfer Protocol (FTP).
4. To disable SSO for the bookmark, clear the Automatically log in check box.

5. To use SSO for the bookmark, select the Automatically log in check box and then select one of the following radio buttons:

   • Use SSL-VPN account credentials – allow login to the bookmark using the local user credentials configured on the SMA appliance.
   • Use custom credentials – allow login to the bookmark using the credentials you enter here; when selected, this option displays Username, Password, and Domain fields. Enter the custom credentials into the Username, Password, and Domain fields that are displayed.

   You can enter the custom credentials as text or use dynamic variables such as those shown in SSO Credentials: Dynamic Variables:

   SSO Credentials: Dynamic Variables

   Text Usage	Variable	Example Usage
   Login Name	%USERNAME%	US\%USERNAME%
   Domain Name	%USERDOMAIN%	%USERDOMAIN\%USERNAME%
   Group Name	%USERGROUP%	%USERGROUP%\%USERNAME%

6. For Web (HTTP) and Secure Web (HTTPS) bookmarks, select the Forms-based Authentication check box to use this method for SSO, and then fill in the following fields that are exposed:

   • Configure the User Form Field to be the same as the ‘name’ or ‘id’ attribute of the HTML element representing User Name in the Login form, for example:

     <input type=text name=’userid’>

   • Configure the Password Form field to be the same as the ‘name’ or ‘id’ attribute of the HTML element representing Password in the Login form, for example:

     <input type=password name=’PASSWORD’ id=’PASSWORD’ maxlength=128>

7. Enter the Username and password for the service.
8. Click ACCEPT.