About Single Sign-On with Active Directory or LDAP - Dell SonicWALL Administration Manual

Directory services connector 3.7

About Single Sign-On with Active Directory or LDAP

While most users are found through the Active Directory/Exchange Server/eDirectory method, the following image represents an alternative method of locating users.

The Dell SonicWALL SSO Agent identifies users by IP address using a protocol compatible with Active Directory and automatically determines when a user has logged out to prevent unauthorized access. Based on data from the SSO Agent, the Dell SonicWALL security appliance queries LDAP or the local database to determine group membership. Memberships are optionally checked by firewall policies to control who is given access, and can be used in selecting policies for Content Filtering and Application Firewall to control what users are allowed to access.

User names learned through SSO are reported in the Dell SonicWALL appliance logs of traffic and events from the users. The configured inactivity timer applies with SSO but the session limit does not, though users who are logged out are automatically and transparently logged back in when they send further traffic.

Users logged into a workstation directly, but not logged into the domain, cannot be authenticated. For users who are not logged into the domain, an Authentication required screen displays, indicating that a manual login is required for further authentication. Users who are identified, but lack the group memberships required by the configured policy rules, are redirected to an Access Barred page.

Dell SonicWALL Directory Services Connector 3.7
Administration Guide
