
BYOD - SSO RADIUS Possible?

I've looked at this support article: How to use RADIUS Authentication: Astaro Security Gateway/Sophos UTM

My understanding is that this is just for getting back-end user memberships and would not authenticate client side.

What we want to do is have our BYOD network clients authenticate with our UTM via their already typed in RADIUS credentials. This may not even be possible (i.e. not very familiar with RADIUS), or it may not be possible with version 9.208 (thus requiring a feature).

Currently we use the browser auth but this is not ideal. Thoughts? Obviously a key factor is that our users don't have to install anything, join the domain, or enter too many settings. The only other solution I can see is having them manually specify proxy settings with a username/password.


  • It's not possible to do SSO with RADIUS.  Do you have Active Directory?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes, the RADIUS server is authenticating to AD. The users have AD credentials but the machines are not members of my domain as they are BYOD personal machines.

  • Did you ever get this to work? 

  • We have a setup similar to this.

    Corporate & Guest using Cisco routers/switches etc. & Ubiquiti UAP Pros. Our corporate devices use machine authentication. Our guests use user authentication. Both from AD. This allows our users to use the same password as they use to log on to the network, so they only need to remember one password.

    Their devices are isolated via VLANs and ACLs. Only corporate devices can get onto the corporate network due to machine authentication. So even though the user knows the password to authenticate on the corporate network, they can't get on unless we have specifically allowed the PC or laptop on.

    You need two profiles on the RADIUS server, CORP (machine authentication) & GUEST (user authentication), with machines/users placed in the various profiles/groups.
    CORP profile is first in the list, as users will drop straight through this to the GUEST profile.

  • It works with Cloudpath ES & Ruckus APs forwarding accounting info on to our XG firewall. Never ended up being supported on UTM as far as I know.
