Install the WatchGuard Single Sign-On (SSO) Client

As a part of the WatchGuard Single Sign-On (SSO) solution, you can install the WatchGuard SSO Client. The SSO Client installs as a service that runs under the Local System account on a workstation to verify the credentials of the user currently logged in to that computer. When a user tries to authenticate, the SSO Agent sends a request to the SSO Client for the user's credentials. The SSO Client then returns the credentials of the user who is logged in to the workstation.

The SSO Client listens on TCP port 4116. When you install the SSO Client, port 4116 is automatically opened on the workstation firewall.

If you configure multiple Active Directory domains, your users must install the SSO Client. For more information, see Configure Active Directory Authentication.

For your users with a Windows operating system, because the SSO Client installer is an MSI file, you can choose to force users to automatically install it on your their computers when they log on to your domain. You can use an Active Directory Group Policy to automatically install software when users log on to your domain. For more information about software installation deployment for Active Directory group policy objects, see the documentation for your operating system.

For your users with Mac OS X, before they can successfully use the SSO Client, they must make sure their computers have joined the Active Directory server. For more information, see the documentation for your Active Directory server.

Download the SSO Client Software

  1. Open a web browser and go to
  2. Log in with your WatchGuard account user name and password.
  3. Select the Articles & Software tab.
  4. Find the Software Downloads available for your Firebox or XTM device.
  5. Download the WatchGuard Single Sign-On Client software installer file:
  6. Save the file to a convenient location.

Install the SSO Client

To install the SSO Client:

  1. Double-click the SSO Client installer file you downloaded.
    On some operating systems, you might need to type a local administrator password to run the installer.
    The Authentication Client Setup Wizard starts.
  2. To install the software, follow the instructions on each page and complete the wizard.
  3. To see which drives are available to install the client, and how much space is available on each of these drives, click Disk Cost.
  4. Click Close to exit the wizard.

When the SSO Client is installed on a Windows computer, after the wizard completes, the WatchGuard Authentication Client service starts automatically. Each time the computer starts, the service starts automatically.

The SSO Client for a Mac OS X computer has two components: and After the wizard completes, and start automatically. Each time the Mac OS X computer starts, starts automatically. Then, when a user logs in to the computer with credentials stored in your Active Directory server, starts and the user can authenticate with SSO.

See Also

About Single Sign-On (SSO)

Install the WatchGuard Single Sign-On (SSO) Agent

Enable Single Sign-On (SSO)

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base