About Active Directory Single Sign-On (SSO)

When users log on to the computers in your network, they must give a user name and password. If you use Active Directory authentication on your Firebox to restrict outgoing network traffic to specified users or groups, your users must also complete an additional step. They must manually log in again to authenticate to the Firebox and get access to network resources or the Internet. To simplify the log in process for your users, you can use the WatchGuard Single Sign-On (SSO) solution. With SSO, your users on local networks provide their user credentials one time (when they log on to their computers) and are automatically authenticated to your Firebox.

Quick Start

For a quick summary of how to set up SSO for a single Active Directory domain, go to:


For detailed information about how SSO operates, see How Active Directory SSO Works.

To plan your SSO implementation, go to:

For information about how user authentication works on the Firebox, go to:

Install and Configure

You can configure more than one SSO method. For information about each method, see:

SSO Agent and Event Log Monitor

SSO Client

Exchange Monitor

After you configure one or more SSO components on your network, you must configure the Firebox for SSO. For information, go to Enable Active Directory SSO on the Firebox.


To troubleshoot your SSO implementation, go to: