SonicOS 8 Users

Users

  1. Navigate to the Device > Users > Settings > Authentication page.
  2. Next to Configure SSO, click Configure.

    The SSO Configuration page is displayed.

  3. Under Users tab, select the following:

    1. Enable Allow only users listed locally to allow only users listed locally to be authenticated.

    2. Enable Allow limited access for non-domain users to allow limited access to users who are logged in to a computer but not into a domain.

    3. If your network includes non-Windows devices or Windows computers with personal firewalls running select Enable Probe Users. In the Probe user for select one of the following, depending on which is configured for the SSO Agent:

      • NetAPI over NetBIOS

      • NetAPI over TCP

      • WMI

    4. Set the Probe timeout (seconds) for the firewall to probe for a response on the NetAPI/WMI port before requesting that the SSO Agent identify a user. The default is 5 seconds.

    5. Enable the Probe test mode to test that SSO probes are functioning correctly during SSO without interfering with user authentications. Probes are sent after initiating user authentication through the SSO agent. This setting is disabled by default.

    6. For the Mechanism for setting user group memberships, select either:

      • Use LDAP to retrieve user group information: to use LDAP to retrieve user information.

      • Local configuration: to use locally configured user group settings.

    7. In the Polling rate (minutes) field, enter a polling interval, in minutes. The default is 5 minutes.

    8. Enable the Poll the same agent that authenticated the user if the network topology requires that particular agents be used depending on the location of users, rather than polling any agent to determine if the user is still logged in. This setting is disabled by default.

    9. In the Hold time after (minutes) field, enter a time, in minutes, that the security appliance waits before trying again to identify traffic after an initial failure to do so. This feature rate limits requests to the agent to avoid possibly flooding it with requests if further traffic continues to be received from sources that repeatedly fail SSO. The default is 1 minute.

    10. In the after finding no user field, enter the number of minutes that the appliance should wait before trying again if it gets errors from the SSO agent or when the agent reports that no user is logged in. The default is 1 minute.

    11. Enable the Ramp up and select the rate.

    12. In When different SSO sources report different name variants for a user’s domain select any one of the following to give consistent naming for a domain in logging:

      • Use the domain name as received: is selected as default.

      • Always use a consistent domain name

  4. Click Save.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden