I'm currently using AD SSO backend sync (Web protection/filter in transparent mode). I have clients of our devices (Windows, Mac, Android) as well as many guest devices (iPhones, iPads, etc.).
Due to this I set the authentication timeout to be 8 hours so users would basically authenticate once a day on their devices (if they aren't on our device the UTM is popping up with a sign-in pop up or window in their browser just as it should).
The issue I'm currently having is we have Chromebooks internally, these cannot pickup the AD SSO like our windows machines, however the "browser" authentication mode works great for them (Device-specific authentication -> Linux).
The only issue with this is that the chromebook users, since they are being prompt via the browser login, are basically logging in once per device per day -- even if the chromebook user changes: User A is the first user to use chromebook 1 today, they get the prompt and authenticate. User B goes to use chromebook and isn't prompt due to the session still being within the 8-hour window according the firewall and therefore is authenticated as if they were user A.
So ultimately my questions are:
- It doesn't look like there is any way to specific a authentication session timeout per filter policy, profile, or device type - is this true?
- Due to the above would my only option be to set all authentication timeouts to be X amount of time so the chromebooks would need to authenticate per user due to session time?
- Has anyone else encountered this or something similar and found a good resolution?
This thread was automatically locked due to age.
