Secure Mobile Access 12.4 Deployment Guide

Establishing an Authentication Realm

To authenticate your users, you must first define an authentication realm, which is the combination of an existing company directory and an authentication method.

To define an authentication realm

  1. From the main navigation menu, navigate to User Access > Realms.

  2. Click New Realm.

  3. Enter a realm name in the Name field. For example, Company XYZ.

  4. Optionally, enter a short description of the realm in the Description field.

  5. Click New next to the Authentication server drop-down menu.

  6. Select Microsoft Active Directory (Basic).

  7. Click Continue.

  8. Enter a name for the credential type in the Name field. For example, Company Directory.

    Resources sometimes require NTLM credentials to be forwarded to back-end Web servers; Outlook is often set up this way.

  9. In the Primary domain controller field, type the host name (assuming you’ve already configured DNS) or IP address for the authentication server.

  10. To perform Active Directory searches, the appliance must be able to log on to the authentication server.

    In the General section:

    1. In the Login name field, type the Active Directory login name.
    2. In the Password field, type the password that corresponds with the login name.
  11. Click the Test button to validate that the connection is properly configured and that the authentication server is accessible from the appliance.

  12. Expand the Advanced settings area.

  13. Scroll down to the Domain Authentication Forwarding area to specify how the domain name portion of the credentials will be forwarded. In this section, select either:

    • Forward a custom domain name, the default, and enter the domain name in either NTLM or Kerberos style.
    • Forward the authentication server name as the domain name.
  14. In the One-Time Passwords section, select the Use one-time passwords with this authentication server checkbox to enable a one-time password. This is enabled by default. You can then choose to use either:

    • Time-Based One-Time Passwords (TOTP)
      1. Select Use the configured TOTP service.
      2. Select Use back-up codes, if you want to be able to use one-time use backup codes when one-time password generation issues occur.
    • Password sent by text message using SMS
      1. Select Use the configured service(s).
      2. Enter the length of the password in the Passwords contain field; the default is 8 characters.
      3. Select Send password via text message using SMS.
      4. From the Phone number masking drop-down list, select how much of the user’s phone number will be displayed.
      5. In the Phone number attribute field, specify the type of device; the default is mobile.
      6. Enter the message to be sent to the user in the Message field; the default is Hi{username},Your one time password is:{password}.
      7. To test the message, enter a phone number in the Phone number field and click the Send test message button.
    • Password sent by email using SMTP
      1. Select Use the configured service(s).
      2. Enter the length of the password in the Passwords contain field; the default is 8 characters.
      3. Select Send password via email using SMTP.
      4. Select the type of acceptable characters, such as Alphabetic, Numeric from the characters drop-down menu.
      5. In the From address field, enter the email address from which email is sent to the user.
      6. Optionally, if the primary email address attribute exists on the authentication server, enter it in the Primary email address attribute field.
      7. Optionally, if the secondary email address attribute exists on the authentication server, enter it in the Secondary email address attribute field.
      8. Enter the subject for the email sent to the user in the Subject field; the default is One time password.
      9. Enter the message to be sent to the user in the Body field; the default is Hi {username}, Your one time password is: {password}.
      10. To test the message, enter an email address in the Email Address field and click the Send test message button.
  15. Click Save.

    You are returned to the Configure Realm page.

  16. From the Authentication server drop-down menu, select the authentication server you just configured (Company Directory).

  17. Click Finish.

    This will create communities within the Company XYZ realm later in this process.
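
The password length and character-set choices in step 14 determine how hard a texted or emailed one-time password is to guess. The following added example (not part of the SonicWall guide) compares them; the alphabet sizes, the budget of 5 guesses per password and the 1e-6 target probability are assumptions to replace with your own policy values.

```python
"""Guess-resistance of SMS/email one-time passwords by length and character set."""
import math

# Assumed pool sizes per character option. The guide does not state the
# appliance's actual character pools, so adjust these to match your device.
ALPHABETS = {
    "Numeric": 10,              # 0-9
    "Alphabetic": 52,           # a-z and A-Z (assumption: both cases)
    "Alphabetic, Numeric": 62,  # assumption: union of the two pools
}

def otp_space(length, alphabet_size):
    """Number of distinct one-time passwords of this length."""
    return alphabet_size ** length

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random one-time password, in bits."""
    return length * math.log2(alphabet_size)

def guess_probability(length, alphabet_size, attempts):
    """Chance that `attempts` distinct guesses hit one uniformly random OTP."""
    return min(1.0, attempts / otp_space(length, alphabet_size))

def min_length(alphabet_size, attempts, max_probability):
    """Shortest length that keeps the guess probability at or below the target."""
    length = 1
    while guess_probability(length, alphabet_size, attempts) > max_probability:
        length += 1
    return length

def report(length=8, attempts=5, max_probability=1e-6):
    """One row per character option: (name, bits, guess probability, minimum length)."""
    return [
        (name,
         round(entropy_bits(length, size), 1),
         guess_probability(length, size, attempts),
         min_length(size, attempts, max_probability))
        for name, size in ALPHABETS.items()
    ]

if __name__ == "__main__":
    # length=8 is the default from the Passwords contain field.
    for name, bits, prob, shortest in report():
        print(f"{name:20} {bits:5.1f} bits  P(guess)={prob:.2e}  min length={shortest}")
```
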
