SonicOS 8 Users
- SonicOS 8
- About SonicOS
- About User Management
- Using Local Users and Groups for Authentication
- Using RADIUS for Authentication
- Using LDAP/Active Directory/eDirectory Authentication
- Using RADIUS
- Using TACACS+
- Using Single Sign-On
- What is Single Sign-On?
- Benefits of SonicWall SSO
- Platforms and Supported Standards
- How Does Single Sign-On Work?
- How Does SSO Agent Work?
- How Does Terminal Services Agent Work?
- How Does Browser NTLM Authentication Work?
- How Does RADIUS Accounting for Single-Sign-On Work?
- Installing the Single Sign-On Agent and/or Terminal Services Agent
- Single Sign-On Advanced Features
- Configuring Access Rules
- Managing SonicOS with HTTP Login from a Terminal Server
- Viewing and Managing SSO User Sessions
- Multiple Administrator Support
- Configuring Users Status
- Configuring User Settings
- User Login Settings
- Setting the Authentication Method for Login
- Configuring RADIUS Authentication
- Configuring LDAP
- Configuring TACACS+
- Requiring User Names be Treated as Case-Sensitive
- Preventing Users From Logging in from More than One Location
- Forcing Users to Log In Immediately After Changing Their Passwords
- Displaying User Login Information Since the Last Login
- Setting the Single-Sign-On Methods
- One-Time Password Settings
- Configuring the User Web Login Settings
- Adding URLs to Authentication Bypass
- User Session Settings
- Accounting
- [[[Missing Linked File System.LinkedTitle]]]
- User Login Settings
- Configuring Local Users and Groups
- Configuring Guest Services
- Configuring Guest Accounts
- Managing Guest Status
- SonicWall Support
Users
- Navigate to the Device > Users > Settings > Authentication page.
- Next to Configure SSO, click Configure.
The SSO Configuration page is displayed.
-
Under Users tab, select the following:
-
Enable Allow only users listed locally to allow only users listed locally to be authenticated.
-
Enable Allow limited access for non-domain users to allow limited access to users who are logged in to a computer but not into a domain.
-
If your network includes non-Windows devices or Windows computers with personal firewalls running select Enable Probe Users. In the Probe user for select one of the following, depending on which is configured for the SSO Agent:
-
NetAPI over NetBIOS
-
NetAPI over TCP
-
WMI
-
-
Set the Probe timeout (seconds) for the firewall to probe for a response on the NetAPI/WMI port before requesting that the SSO Agent identify a user. The default is 5 seconds.
-
Enable the Probe test mode to test that SSO probes are functioning correctly during SSO without interfering with user authentications. Probes are sent after initiating user authentication through the SSO agent. This setting is disabled by default.
-
For the Mechanism for setting user group memberships, select either:
-
Use LDAP to retrieve user group information: to use LDAP to retrieve user information.
-
Local configuration: to use locally configured user group settings.
-
-
In the Polling rate (minutes) field, enter a polling interval, in minutes. The default is 5 minutes.
-
Enable the Poll the same agent that authenticated the user if the network topology requires that particular agents be used depending on the location of users, rather than polling any agent to determine if the user is still logged in. This setting is disabled by default.
-
In the Hold time after (minutes) field, enter a time, in minutes, that the security appliance waits before trying again to identify traffic after an initial failure to do so. This feature rate limits requests to the agent to avoid possibly flooding it with requests if further traffic continues to be received from sources that repeatedly fail SSO. The default is 1 minute.
-
In the after finding no user field, enter the number of minutes that the appliance should wait before trying again if it gets errors from the SSO agent or when the agent reports that no user is logged in. The default is 1 minute.
-
Enable the Ramp up and select the rate.
-
In When different SSO sources report different name variants for a user’s domain select any one of the following to give consistent naming for a domain in logging:
-
Use the domain name as received: is selected as default.
-
Always use a consistent domain name
-
-
-
Click Save.
Was This Article Helpful?
Help us to improve our support portal