When users log on to the computers in your network, they must give a user name and password. If you use Active Directory authentication on your Firebox to restrict outgoing network traffic to specified users or groups, your users must also complete an additional step. They must manually log in again to authenticate to the Firebox and get access to network resources or the Internet. To simplify the log in process for your users, you can use the WatchGuard Single Sign-On (SSO) solution. With SSO, your users on local networks provide their user credentials one time (when they log on to their computers) and are automatically authenticated to your Firebox.
For a quick summary of how to set up SSO for a single Active Directory domain, go to:
- Quick Start — Set Up Active Directory Single Sign-On (SSO)
- Getting Started with SSO video tutorial (9 minutes)
For detailed information about how SSO operates, see How Active Directory SSO Works.
To plan your SSO implementation, go to:
For information about how user authentication works on the Firebox, go to:
- About User Authentication
- Set Global Firewall Authentication Values
- Configure Active Directory Authentication
Install and Configure
You can configure more than one SSO method. For information about each method, see:
SSO Agent and Event Log Monitor
- Install the WatchGuard Single Sign-On (SSO) Agent and Event Log Monitor
- Configure the SSO Event Log Monitor
- Configure the Active Directory SSO Agent
After you configure one or more SSO components on your network, you must configure the Firebox for SSO. For information, go to Enable Active Directory SSO on the Firebox.
To troubleshoot your SSO implementation, go to: