Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

How can I Install Single Sign On (SSO) software and configure the SSO feature?

01/16/2023 645 People found this article helpful 220,164 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    This article details how to install and setup the SSO Feature in conjunction with a SonicWall UTM appliance. The SSO Feature is used for transparent accounting and management of LDAP or RADIUS Users which in turn allows Users to have Content Filtering, Firewall Access Rules, Security Services, and other SonicWall features applied to them as desired. SSO obtains this information by polling local devices as needed and passing that information to the SonicWall for verification against LDAP or RADIUS.

    Resolution

    Resolution for SonicOS 6.5

    This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.


    Pre-Installation

    To use the SonicWall SSO Feature, it is required that the SonicWall SSO Agent (Directory Connector) be installed on a Windows Server within your Domain that can reach the necessary Clients and can be reached from the SonicWall, either directly or through a VPN. The following requirements must be met in order to run the SSO Agent:

    • Port 2258 or a designated Custom Port must be open and in Listening Status.
    • The designated Port cannot be used for any other traffic.
    • One of the following Operating Systems.

      Windows Server 2012, 64-bit
      Windows Server 2012 R2, 64-bit
      Windows Server 2008 R2, 64-bit
      Windows Server 2008, 32-bit and 64-bit

    • A minimum of .NET Framework 4.0 or 4.5 on the server.

    Installing and Configuring Directory Connector

    1. Locate the SonicWall Directory Connector executable file and double click it. It may take several seconds for the InstallShield to prepare for the installation.
    2. On the Welcome page, click Next.
      Image

    3. The License Agreement displays. Select I accept the terms in the License Agreement and click Next.
      Image

    4. Select the destination folder. To use the default Folder/Path click Next. To specify a custom location, click Change, select the folder, and click Next.
      Image

    5. To configure a common service account that the SSO Agent will use to log into a specified Windows Domain, enter the Username of an account with administrative privileges in the Username field, the Password for the account in the Password field, and the Domain Name of the account in the Domain Name field. Click Next.
      Image

    6. Enter the Private IP Address of your SonicWall in the SonicWall Appliance IP field. Type the Port Number for appliance in the SonicWall Appliance Port field. The default Port Number is 2258. Enter a Shared Key in the Shared Key field. Click Next.


      NOTE:The Shared Secret must be an even number of Characters from 0-9, a-f, and/or A-F. No other Characters will be accepted.

      Image

    7. Click Install and the SonicWall SSO Agent installs. The status bar displays.
      Image

    8. When installation is complete check the Launch SonicWall Directory Connector box to launch the SonicWall Directory Connector, and click Finish.
      Image

    9. The SonicWall Directory Connector GUI will display. From here you can configure the Directory Connector.
      Image

    10. Right click on SonicWall SSO Agent and select Properties. Verify all the Settings on here are setup according to your environment.

      NOTE: There are no Best Practices for setting up this information and it will depend on your environment. If you're unsure what to use, utilize the default configuration. 
      Image

    11. Go to Domain Controllers and click Auto Discovery

    Image

    Configuring Single-Sign on in the SonicWall

    1. Login to your SonicWall management page and click  Manage tab on top of the page.
    2. Navigate to Users | Settings page. On right side, click Authentication tab.
    3. In Single-sign-on method(S): Enable SSO by click 'X' button near SSO Agent and click Configure.
      Image

    4. In SonicWall SSO Authentication Configuration Window, Under SSO Agents tab below Authentication Agent Settings click Add.
    5. In Add agent window, Under Settings configure below information.

      • Host Name or IP Address
      • Port
      • Shared Key & Confirm Shared Key
      • You will also be asked to set the Timeout and amount of Retries before a query fails. These have default values and can be edited as needed.
        Image

    6. Click SAVE button and you should see the Bubble associated with the SSO Agent turn Green, indicating the SonicWall can reach the SSO Agent.
      Image

    7. Navigate to the Test tab on the SSO Popup window and select the new Agent as the Select agent to test option. Set the radio option to Check agent connectivity and then input an IP Address into Workstation IP address that you know a User is logged into. Finally select Test, you should show the correct User and information returned.
      Image



    Resolution for SonicOS 6.2 and Below

    The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.


    Pre-Installation

    To use the SonicWall SSO Feature, it is required that the SonicWall SSO Agent (Directory Connector) be installed on a Windows Server within your Domain that can reach the necessary Clients and can be reached from the SonicWall, either directly or through a VPN. The following requirements must be met in order to run the SSO Agent:

    • Port 2258 or a designated Custom Port must be open and in Listening Status.
    • The designated Port cannot be used for any other traffic.
    • One of the following Operating Systems.
       Windows Server 2012, 64-bit
       Windows Server 2012 R2, 64-bit
      Windows Server 2008 R2, 64-bit
      Windows Server 2008, 32-bit and 64-bit
    • A minimum of .NET Framework 4.0 or 4.5 on the server.

    Installing and Configuring Directory Connector

    1. Locate the SonicWall Directory Connector executable file and double click it. It may take several seconds for the InstallShield to prepare for the installation.
    2. On the Welcome page, click Next.
      Image

    3. The License Agreement displays. Select I accept the terms in the License Agreement and click Next.
      Image

    4. Select the destination folder. To use the default Folder/Path click Next. To specify a custom location, click Change, select the folder, and click Next.
      Image

    5. To configure a common service account that the SSO Agent will use to log into a specified Windows Domain, enter the Username of an account with administrative privileges in the Username field, the Password for the account in the Password field, and the Domain Name of the account in the Domain Name field. Click Next.
      Image

    6. Enter the Private IP Address of your SonicWall in the SonicWall Appliance IP field. Type the Port Number for appliance in the SonicWall Appliance Port field. The default Port Number is 2258. Enter a Shared Key in the Shared Key field. Click Next to continue.

      NOTE: The Shared Secret must be an even number of Characters from 0-9, a-f, and/or A-F. No other Characters will be accepted.

      Image

    7. Click Install and the SonicWall SSO Agent installs. The status bar displays.
      Image

    8. When installation is complete check the Launch SonicWall Directory Connector box to launch the SonicWall Directory Connector, and click Finish.
      Image

    9. The SonicWall Directory Connector GUI will display. From here you can configure the Directory Connector.
      Image

    10. Right click on SonicWall SSO Agent and select Properties. Verify all the Settings on here are setup according to your environment.

      NOTE: There are no Best Practices for setting up this information and it will depend on your environment. If you're unsure what to use, utilize the default configuration. Image

    11. Go to Domain  Controllers and click Auto Discovery

    Image



    Configuring Single-Sign on in the SonicWall






    1. Login to the SonicWall Management GUI and navigate to Users | Settings | Configure SSO.
      Image

    2. Select Add... and input the following information that you created when installing Director Connector.

      • Host IP Address
      • Shared Key
      • Port
             You will also be asked to set the Timeout and amount of Retries before a query fails. These have default values and can be edited as needed.

    3. Click Apply and you should see the Bubble associated with the SSO Agent turn Green, indicating the SonicWall can reach the SSO Agent.Image

    4. Navigate to the Test tab on the SSO Popup window and select the new Agent as the "Select agent to test" option. Set the radio option to "Check agent connectivity" and then input an IP Address into "Workstation IP address" that you know a User is logged into. Finally select Test, you should show the correct User and information returned.Image


    Related Articles

    • Bandwidth usage and tracking in SonicWall
    • How to force an update of the Security Services Signatures from the Firewall GUI
    • Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.

    Categories

    • Firewalls > NSa Series > User Login
    • Firewalls > NSv Series > User Login
    • Firewalls > TZ Series > User Login

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2023 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top