Installing an XGS126w for a client and in the process of setting up AD Authentication, just to clarify do I require the STAS to be installed on the AD server?
Also do I need the Client Authentication Agent to be installed too if STAS is installed?
Currently have AD setup in the XGS but wondering what other steps am missing?
Hi, Thanks for reaching out to Sophos Community.
STAS is required only when you require an SSO to authenticate users. Basically, with STAS, Users get authenticated when they login into their Machines which are enrolled into Active Directory.
If you want to use Client Authentication Agent with AD users, You won't need STAS. Simply integrate AD, Select AD server in "Firewall authentication methods" (Authentication > Services), Install CAA in the end machines and you're good to go!
Appreciate the quick response, great answer to my question so STAS replaces and removes the need for the CAA tool. I have integrated the AD server with the firewall but don't see any live users on the firewall. It pulled through the group but can't see any live users? Have used plaintext authentication to avoid any cert issues for now. Also will have users logging in via VPN to the firewall so using AD would be good rather than have to maintain a local database.
You won't be able to see users right after integrating AD and importing groups. Users will start showing up once they authenticate either via CAA or login via any other method. :)