SonicOS 8 Users

What is Single Sign-On?

Single Sign-On (SSO) is a transparent user authentication mechanism that provides privileged access to multiple network resources with a single domain login to a workstation or through Windows Terminal Services or a Citrix server.

SonicWall SonicWall network security appliances provide Single Sign-On (SSO) functionality using the Single Sign-On Agent (SSO Agent) and the SonicWall Terminal Services Agent (TSA) to identify user activity. The SSO Agent identifies users based on their workstation IP address, while the TSA identifies users through a combination of server IP address, username, and domain..

SonicWall SSO is also available for Mac and Linux users when used with Samba. Additionally, browser NTLM authentication allows SonicWall SSO to authenticate users who send HTTP traffic without involving the SSO Agent or Samba.

SonicWall SSO is configured in the Device > Users > Settings page of the SonicWall management interface. SSO is separate from the Authentication method for login settings, which can be used at the same time for authentication of VPN/L2TP client users or administrative users.

Based on data from SonicWall SSO Agent or TSA, the Security Appliance queries LDAP or the local database to determine group membership. Memberships are optionally checked by firewall policies to control who is given access, and can be used in selecting policies for Content Filtering and Application Control to control what they are allowed to access. User names learned UNIX SSO are reported in logs of traffic and events from the users, and in AppFlow Monitoring.

The configured inactivity timer applies with SSO, but the session limit does not. However, users who are logged out are automatically and transparently logged back in when they send further traffic.

Users logged into a workstation or Terminal Services/Citrix server directly, but not logged into the domain, are not authenticated unless they send HTTP traffic and browser NTLM authentication is enabled. (However, they can optionally be authenticated for limited access.) For users who are not authenticated by SonicWall SSO, a message will display indicating that a manual login to the Security Appliance is required for further authentication.

Users who are identified but lack the necessary group memberships required by the configured policy rules will be redirected to the Access Barred page.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden