User Management
607
SonicOS Enhanced 4.0 Administrator Guide
• Net API or WMI
How Does Single Sign-On Work?
SonicWALL SSO requires minimal administrator configuration and is a transparent to the user.
There are six steps involved in SonicWALL SSO authentication, as illustrated in Figure 52:5.
Figure 52:5 SonicWALL Single Sign-On Process
The SonicWALL SSO authentication process is initiated when user traffic passes through a
SonicWALL security appliance, for example, when a user accesses the Internet. The sent
packets are temporarily blocked and saved while the SonicWALL security appliance sends a
“User Name” request and workstation IP address to the authorization agent running the SSO
Agent.
The authorization agent running the SSO Agent provides the SonicWALL security appliance
with the username currently logged into the workstation. A User IP Table entry is created for
the logged in user, similar to RADIUS and LDAP.
Once a user has been identified, the SonicWALL security appliance queries LDAP or a local
database (based on administrator configuration) to find user group memberships, match the
memberships against policy, and grant or restrict access to the user accordingly. Upon
successful completion of the login sequence, the saved packets are sent on. If packets are
received from the same source address before the sequence is completed, only the most recent
packet will be saved.