SonicOS 8 Users
- SonicOS 8
- About SonicOS
- About User Management
- Using Local Users and Groups for Authentication
- Using RADIUS for Authentication
- Using LDAP/Active Directory/eDirectory Authentication
- Using RADIUS
- Using TACACS+
- Using Single Sign-On
- What is Single Sign-On?
- Benefits of SonicWall SSO
- Platforms and Supported Standards
- How Does Single Sign-On Work?
- How Does SSO Agent Work?
- How Does Terminal Services Agent Work?
- How Does Browser NTLM Authentication Work?
- How Does RADIUS Accounting for Single-Sign-On Work?
- Installing the Single Sign-On Agent and/or Terminal Services Agent
- Single Sign-On Advanced Features
- Configuring Access Rules
- Managing SonicOS with HTTP Login from a Terminal Server
- Viewing and Managing SSO User Sessions
- Multiple Administrator Support
- Configuring Users Status
- Configuring User Settings
- User Login Settings
- Setting the Authentication Method for Login
- Configuring RADIUS Authentication
- Configuring LDAP
- Configuring TACACS+
- Requiring User Names be Treated as Case-Sensitive
- Preventing Users From Logging in from More than One Location
- Forcing Users to Log In Immediately After Changing Their Passwords
- Displaying User Login Information Since the Last Login
- Setting the Single-Sign-On Methods
- One-Time Password Settings
- Configuring the User Web Login Settings
- Adding URLs to Authentication Bypass
- User Session Settings
- Accounting
- [[[Missing Linked File System.LinkedTitle]]]
- User Login Settings
- Configuring Local Users and Groups
- Configuring Guest Services
- Configuring Guest Accounts
- Managing Guest Status
- SonicWall Support
Enforcement
The settings in the Enforcement tab are if you want to either trigger SSO on traffic from a particular zone, or bypass SSO for traffic from non-user devices such as internal proxy web servers or IP phones.
- Navigate to the Device > Users > Settings > Authentication page.
- Next to Configure SSO, click Configure.
The SSO Configuration page is displayed.
-
Under Enforcement tab, select the following:
-
Under Per-Zone SSO Enforcement, select for any zones on which you want to trigger SSO to identify users when traffic is sent.
-
DMZ
-
LAN
-
MGMT
-
VPN
-
-
Click Save.
These per-zone SSO enforcement settings are useful for identifying and tracking users in event logging and AppFlow Monitor visualizations, even when SSO is not otherwise triggered by content filtering, IPS, or Application Control policies, or by firewall access rules requiring user authentication.
-
-
To bypass SSO for traffic from certain services or locations and apply the default content filtering policy to the traffic, select the appropriate service or location from the list in the SSO Bypass table or add a new service or location to the table. The table displays the built-in services that bypass SSO; these services cannot be delete.
-
Click the Add Bypass button.
The Add an SSO bypass rule dialog displays.
-
For Bypass SSO for, select either the Services or Addresses.
-
Select a service or address from the drop-down menu.
-
Select the Bypass type:
-
Full bypass (don’t trigger SSO)
-
Trigger SSO but bypass holding packets while waiting for it
-
-
Click Save.
-
-
Enable SSO bypass user name for logging. This is enabled by default.
-
To select a SSO bypass user name for logging, select the Log user name <bypass name> for SSO bypasses and specify a name for the SSO bypassed user.
-
Optionally, select Create a dummy user. If this setting is enabled, on receiving SSO bypass traffic, a dummy user entry is created with the given user name for the originating IP address.
-
Optionally, specify an inactivity timeout, in minutes, in the Inactivity timeout (mins) field. The default is 15 minutes.
-
- Click Save.
Was This Article Helpful?
Help us to improve our support portal