SonicOS 7.1 Users
- SonicOS 7.1
- About SonicOS
- About User Management
- Using Local Users and Groups for Authentication
- Using RADIUS for Authentication
- Using LDAP/Active Directory/eDirectory Authentication
- Using RADIUS
- Using TACACS+
- Using Single Sign-On
- What is Single Sign-On?
- Benefits of SonicWall SSO
- Platforms and Supported Standards
- How Does Single Sign-On Work?
- How Does SSO Agent Work?
- How Does Terminal Services Agent Work?
- How Does Browser NTLM Authentication Work?
- How Does RADIUS Accounting for Single-Sign-On Work?
- Installing the Single Sign-On Agent and/or Terminal Services Agent
- Single Sign-On Advanced Features
- Configuring Access Rules
- Managing SonicOS with HTTP Login from a Terminal Server
- Viewing and Managing SSO User Sessions
- Multiple Administrator Support
- Configuring Users Status
- Configuring User Settings
- User Login Settings
- Setting the Authentication Method for Login
- Configuring RADIUS Authentication
- Configuring LDAP
- Configuring TACACS+
- Requiring User Names be Treated as Case-Sensitive
- Preventing Users From Logging in from More than One Location
- Forcing Users to Log In Immediately After Changing Their Passwords
- Displaying User Login Information Since the Last Login
- Setting the Single-Sign-On Methods
- One-Time Password Settings
- Configuring the User Web Login Settings
- Adding URLs to Authentication Bypass
- User Session Settings
- Accounting
- [[[Missing Linked File System.LinkedTitle]]]
- User Login Settings
- Configuring and Managing Partitions
- Configuring Local Users and Groups
- Configuring Guest Services
- Configuring Guest Accounts
- Managing Guest Status
- SonicWall Support
Configuring Local Users Settings
You can add local users to the internal database on the network security appliance from the Device > Users > Local Users & Groups page.
To create a user for an SSL VPN client, refer to SonicOS SSL VPN.
To add local users to the database
- Navigate to Device > Users > Local Users & Groups.
- Click the Add User.
- The User Settings select Settings tab.
- Select This represents a domain user if:
- If This represents a domain user is enabled then any group memberships, access rights, etc. that are set using this user object will apply for users who log in using the named domain account (authenticated via RADIUS or LDAP) or who are identified as that domain user by SSO. When it is checked you can then choose to have it apply for the named user account in a specific domain, or for a user with the given name in any domain.
- If This represents a domain user is not checked, then it is a local account and anything that is set using it will apply only for users who log in using it, authenticated locally (a password must be set here for this case).
- In the Name field, enter the name associated with the user.
- In the Password and Confirm Password fields, enter the password assigned to the user.
- Optional: select User must change password to force users to change their passwords the first time they login. This option is not selected by default.
-
From the One-time password method list, select the method to require SSL VPN users to submit a system-generated password for two-factor authentication:
When a Local User does not have a one-time password enabled, while a group it belongs to does, ensure the user’s email address is configured, otherwise this user cannot login.
To avoid another password change request for this user, this option applies only to the first login.
- Disabled (default) – If User must change password is selected, a dialog to change it displays at the first login attempt.
- OTP via Mail – Users receive a temporary password by email after they enter their user name and first password. After receiving the password-containing email, they can enter the second password to complete the login process.
-
TOTP – Users receive a temporary password by email after they input their user name and first password, but to use this feature, users must download a TOTP client app (such as Google Authentication, DUO, or Microsoft Authentication) on their mobile device.
The unbind totp key displays.
- In the E-mail Address field, enter the user’s email address so they can receive one-time passwords.
-
In Account Lifetime, select Never expires to make the account permanently. Or select Minutes, Hours, or Days to specify a lifetime after which the user account will either be deleted or disabled.
- Optional: In the Comment field, enter any comments.
- Click Save.
Was This Article Helpful?
Help us to improve our support portal