Hey,
I’m currently looking for the best way to get AD user authentication working for web filtering.
At the moment, we’re using STAS to authenticate our users, but this causes several issues, as RDP is not supported.
Our consultant recommended synchronized user ID authentication over Heartbeat as a potential solution to our problems. However, the first test with Sophos Endpoint and synchronized user ID authentication has been unsatisfactory. When we switch networks, we have to wait 2-3 minutes for the new connection to be recognized by the firewall.
The consultant’s response was to use both STAS and synchronized user ID authentication, but this is simply not working. When STAS is activated, we see near-zero synchronization of user IDs.
Are we doing something wrong or are our expectations too high?
What is the best solution for authenticating AD users for web filtering?
Thanks.
Hello Kest!
Thank you for contacting Sophos Community!
It is recommended to use either one of the authentication methods. Having STAS and Heartbeat together is likely to create an issue, as it keeps switching the user authentication method.
For STAS, I recommend reviewing the below best practices:
Sophos Firewall: Best practice for STAS
I also request that you review the videos added on Techvids:
https://techvids.sophos.com/watch/wmQ3BJ7JW34K79iCzo651c
https://techvids.sophos.com/watch/i9rFuwcJgHDJGz6R1s6fpq
Similarly, review the KBA for heartbeat authentication:
If you still face any issue with user authentication, please feel free to post your observations and we could try helping with the possible options.
Mayur Makvana
Technical Account Manager | Global Customer Experience
Thank you for your answer. Since we can't really use STAS because of RDP, here are my issues with heartbeat authentication:
System Information:
When a client switches networks (e.g. the user disconnects from the dock and switches to Wi-Fi), the user experiences a downtime of 2-3 minutes.
The same applies when the user reconnects their network connection.