As a part of the WatchGuard Single Sign-On (SSO) solution, you can install the WatchGuard SSO Client.
For compatibility information and a detailed explanation of how the SSO Client works, see How Active Directory SSO Works.
You can choose one or both of these installation methods:
- Install the SSO Client manually on each workstation. If you configure more than one Active Directory domain, your users must install the SSO Client. For more information, see Configure Active Directory Authentication.
- Deploy the SSO Client automatically to multiple workstations.
For your users with macOS, before they can successfully use the SSO Client, they must make sure their computers have joined the Active Directory domain. For more information about domain membership for macOS clients, see the documentation for your Active Directory server.
Download the SSO Client Software
- Go to the WatchGuard Software Downloads Center.
- Find the software downloads page for your Firebox model.
- Download the WatchGuard Single Sign-On Client software installer file for your computer:
- Windows — WG-Authentication-Client.msi
- macOS — WG-SSOCLIENT-MAC.dmg
- Save the file to a convenient location.
Install the SSO Client
To install the SSO Client:
- Double-click the SSO Client installer file you downloaded.
On some operating systems, you might have to type a local administrator password to run the installer, or right-click the file and select Run As Administrator.
The Authentication Client Setup Wizard starts.
- To install the software, follow the instructions on each page of the wizard and complete the wizard.
- To see which drives are available to install the client, and how much space is available on each of these drives, click Disk Cost.
- Click Close to exit the wizard.
When the SSO Client is installed on a Windows computer, after the wizard completes, the WatchGuard Authentication Client service starts automatically. Each time the computer starts, the service starts automatically.
The SSO Client for a macOS computer has two components: ssodaemon.app and ssoclient.app. After the wizard completes, ssodaemon.app and ssoclient.app start automatically. Each time the macOS computer starts, ssodaemon.app starts automatically. When a user logs in to the computer with credentials stored in your Active Directory server, ssoclient.app starts and the user can authenticate with SSO.
You can use Active Directory Group Policy to remotely deploy the SSO Client to Windows users. For example, you can configure Group Policy to install the SSO Client automatically after a user logs in to Windows. The Windows SSO Client installer is an .MSI file that you can deploy through Group Policy.
When you specify the location of the SSO Client .MSI file, be sure to use a path that points to a network location. Do not use a path that points to a local drive, such as your C: drive.
For more information about software installation deployment for Active Directory group policy objects, see the documentation for your operating system, or this resource on the Microsoft website:
- Editing Software Settings — How to use Group Policy to install software on Windows Server 2012 (also applies to Windows Server 2016)
You can use a client management application to remotely deploy the SSO Client to your macOS users. For example, you can use Apple Remote Desktop to schedule the SSO Client to install at a specific date and time, without user interaction. To use Apple Remote Desktop for software deployment, you must enable Remote Management in the operating system settings on your macOS clients.
The SSO Client for macOS is a .DMG file that contains a .PKG file. To use the .PKG file to deploy the SSO Client through Apple Remote Desktop:
- After you download the SSO Client for macOS, open the .DMG file.
The ssoclient-installer.pkg file appears.
- Use Apple Remote Desktop to deploy the ssoclient-installer.pkg file to your macOS users.
For more information about software deployment with Apple Remote Desktop, see the Install Software section in the Remote Desktop Help topic on the Apple website.