This article describes the steps to implement Sophos Transparent Authentication Suite (STAS) on Sophos UTM. The following sections are covered:
Applies to the following Sophos products and versions: Sophos UTM
Sophos Clientless SSO is in the form of Sophos Transparent Authentication Suite (STAS). The STAS consists of:
It is a user authentication information collection process:
Based on data from the STA Agent, the UTM queries the AD server to determine group membership, and access is granted or denied. Users logged into a workstation directly but not logged into the domain will not be authenticated, and are considered unauthenticated users. Users not logged into the domain will see the Captive Portal prompt for a manual login.
The UTM caches a user when the collector reports the logon to it. If that user is removed from the cache, the STAS collector will never report the user to the UTM again, because it has already reported the user, and that user will not be authenticated.
Note: The UTM cache can be cleared by a reboot or by restarting the Argos service.
Implement Clientless SSO authentication with AD integration in a Single Domain Controller Environment, as shown in the diagram below:
Log in to your AD Server using the Administrator profile and install and configure STAS by following the steps below.
Note: Make sure the account used to install/set up STAS has the Log on as a service right.
1. Go to Start > Control Panel > Administrative Tools > Local Security Policy > Local Policies > User Rights Assignment.
2. Double-click on Log on as a service > Add User or Group and then add the account you are using to install/setup STAS.
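One way to confirm that the right from steps 1 and 2 was applied, as an added PowerShell example that is not part of the original article. The account name EXAMPLE\svc-stas is a placeholder, and the check covers direct assignment only, not a right inherited through group membership.

```powershell
# Added example: verify that an account holds "Log on as a service" (SeServiceLogonRight).
# 'EXAMPLE\svc-stas' is a placeholder account name, not taken from the article.
param([string]$Account = 'EXAMPLE\svc-stas')

function ConvertTo-Sid {
    param([string]$Name)
    # Resolve DOMAIN\user to its SID string; throws if the account cannot be resolved.
    $nt = [System.Security.Principal.NTAccount]$Name
    return $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

function Get-ServiceLogonHolders {
    # Export only the user-rights area of the security policy to a temporary file.
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'secedit export failed; run from an elevated prompt.' }
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match '^\s*SeServiceLogonRight\s*=' } |
            Select-Object -First 1
        if (-not $line) { return @() }
        # Entries are comma separated; SIDs are written with a leading '*'.
        return @(($line -split '=', 2)[1].Split(',') |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
    finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

function Test-ServiceLogonRight {
    param([string]$Name)
    $wanted = ConvertTo-Sid -Name $Name
    foreach ($entry in Get-ServiceLogonHolders) {
        if ($entry.StartsWith('*')) {
            if ($entry.TrimStart('*') -eq $wanted) { return $true }
        }
        else {
            # Some entries are written as account names rather than SIDs.
            try { if ((ConvertTo-Sid -Name $entry) -eq $wanted) { return $true } }
            catch { continue }  # skip names that no longer resolve
        }
    }
    return $false
}

if (Test-ServiceLogonRight -Name $Account) { "$Account holds Log on as a service." }
else { "$Account is NOT listed for Log on as a service." }
```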
Configure the STA Agent