As a part of the WatchGuard Single Sign-On (SSO) solution, you can install the WatchGuard SSO Client. The SSO Client installs as a service that runs under the Local System account on a workstation to verify the credentials of the user currently logged in to that computer. When a user tries to authenticate, the SSO Agent sends a request to the SSO Client for the user's credentials. The SSO Client then returns the credentials of the user who is logged in to the workstation.
The SSO Client listens on TCP port 4116. When you install the SSO Client, port 4116 is automatically opened on the workstation firewall.
If you configure multiple Active Directory domains, your users must install the SSO Client. For more information, see Configure Active Directory Authentication.
For your users with a Windows operating system, because the SSO Client installer is an MSI file, you can choose to force users to automatically install it on your their computers when they log on to your domain. You can use an Active Directory Group Policy to automatically install software when users log on to your domain. For more information about software installation deployment for Active Directory group policy objects, see the documentation for your operating system.
For your users with Mac OS X, before they can successfully use the SSO Client, they must make sure their computers have joined the Active Directory server. For more information, see the documentation for your Active Directory server.
To install the SSO Client:
When the SSO Client is installed on a Windows computer, after the wizard completes, the WatchGuard Authentication Client service starts automatically. Each time the computer starts, the service starts automatically.
The SSO Client for a Mac OS X computer has two components: ssodaemon.app and ssoclient.app. After the wizard completes, ssodaemon.app and ssoclient.app start automatically. Each time the Mac OS X computer starts, ssodaemon.app starts automatically. Then, when a user logs in to the computer with credentials stored in your Active Directory server, ssoclient.app starts and the user can authenticate with SSO.
About Single Sign-On (SSO)
Install the WatchGuard Single Sign-On (SSO) Agent
Enable Single Sign-On (SSO)