Captive portal

Some phones has no update for auth on ntlm/ad sso mode of authentication.

STAS is a method of authentication.
AD SSO is a method of authentication.

Having both enabled at the same time causes problems as they both try to authenticate the same connection.

I just use STAS and Web Authentication method. 

This means l should remove AD SSO,(I should turn off Match known users)??? if l want to use STAS and web authentication 

STAS uses Client Authentication [Option Under the administration > device access] And captive Portal uses captive portal. To continue use the STAS the option "Match known user" is compulsory. And for captive portal option "Use web authentication for unknown users" is compulsory 

Okay 

So how do l solve this case, let's say the two authentication methods are causing problems  

if l don't want to use AD SSO and l want to use Web and STAS ONLY 

Does this mean l should disable AD SSO in Device Access 

Does this mean l should disable AD SSO in Device Access 

Yes, AD SSO & STAS are two separate authentication methods, if you want to use use Web and STAS ONLY create separate rules as per the suggested option enablement mentioned above. Anesu Dangarembwa  and disable the AD SSO.