Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSO Transparent Authentication "How To"

Hi,

We are with difficulty for authentication client on SSO mode(Single Sign On) transparent authentication.

I found a "How to" in site Sophos Community (community.sophos.com/.../123159) but using client "Sophos Single Sign-On Client" installed on workstation. We need to authenticate our windows AD users whithout  installing any client, Sophos SSO seems the way to do that but im not been able to do that. Users from AD are autenticating in user portal succesfully but SSO is not working properly as we required.

In latest version it was necesary to insert firewall into AD. but in new version i can not see where to do that, and i do not know if it is necessary.

Thank you for help!



This thread was automatically locked due to age.
Parents
  • .David, there is another thread that describes the how to of AD SSO. Following steps:
    1. Create an active directory authentication server (system - authentication -authentication Server)
    2. Set the authentication method for firewall to the AD server (system - authentication - authentication services)
    3. use the group import wizzard to import the necessary groups of AD. ( a button next to the edit button of of the created AD Server)
    4. Setup 2. policies. 1. network policy with drop action for the network traffic and 2. a user based policy with accept for the same direction with the permitted ports. into the second policy you have to configure the user groups you want to permit for this traffic.
    5. Configure your browser to use and transmit the windows credentials. IE does that per standard, Firefox has to be configured to do that: www.liquidstate.net/.../.
    unfortunately the log does not show how long the request than takes.
    In my Lab it does work for the internettraffic and browsing without getting a popup. But it seems to ne slower.
    Let me know if it helps.

    Christian

Reply
  • .David, there is another thread that describes the how to of AD SSO. Following steps:
    1. Create an active directory authentication server (system - authentication -authentication Server)
    2. Set the authentication method for firewall to the AD server (system - authentication - authentication services)
    3. use the group import wizzard to import the necessary groups of AD. ( a button next to the edit button of of the created AD Server)
    4. Setup 2. policies. 1. network policy with drop action for the network traffic and 2. a user based policy with accept for the same direction with the permitted ports. into the second policy you have to configure the user groups you want to permit for this traffic.
    5. Configure your browser to use and transmit the windows credentials. IE does that per standard, Firefox has to be configured to do that: www.liquidstate.net/.../.
    unfortunately the log does not show how long the request than takes.
    In my Lab it does work for the internettraffic and browsing without getting a popup. But it seems to ne slower.
    Let me know if it helps.

    Christian

Children