• Secure Mobile Access
• About this Guide
  • Organization of this Guide
  • Guide Conventions
• About SonicWall Secure Mobile Access
  • About the SMA Appliance
  • Key SSL VPN Concepts and SMA Features
    • Resources
    • Users and Groups
    • Authentication
    • Communities
    • Access Policy
    • End Point Control (EPC)
    • SSL/TLS and Encryption
    • Single Sign-On
    • Sharing Configuration Data
    • Role-based Administration
    • System Monitoring and Logging
  • SonicWall SMA Components
    • Client Components and Access Methods
      • WorkPlace
      • Network Explorer
      • Connect Tunnel Clients
      • Mobile Connect App
      • Translated Web Access
      • Custom Port Mapping
      • Custom FQDN Mapping
    • End Point Control Components
    • Administrator Components
      • Setup Wizard
      • Appliance Management Console (AMC)
      • Access Services
  • Managing Multiple Appliances
    • Central Management Server
    • Global Traffic Optimizer
• Planning Your VPN
  • About Designing Your VPN
    • Who Will Access Your VPN?
    • Which Types of Resources Should Users Have Access To?
      • How Will Users Access Your Resources?
      • Tunnel, Proxy, or Web: Which Access Method is Best?
    • Security Administration
      • Defining Resources
        • Web Resources
        • Client/Server Resources
        • File Shares
      • Managing Access Control with an Access Policy
      • Access Control for Bi-Directional Connections
      • Design Guidelines for Access Rules
  • End Point Control
    • Advanced EPC
  • Putting It All Together: Using Realms and Communities
• Common VPN Configurations
  • About the Configurations
  • Deployment Scenario: Remote Access for Employees and Partners
    • Establishing an Authentication Realm
    • Identifying Users
    • Adding Resources
    • Creating Zones of Trust
      • Creating a Device Zone for Trusted Users
      • Creating a Device Zone for Partners
      • Creating a Quarantine Zone for Untrusted Users
  • Customizing WorkPlace
    • Modifying the Default Style and Layout
    • Creating a New WorkPlace Style and Layout
      • Creating a WorkPlace Style
      • Creating a Workplace Layout
    • Creating an Employee Community
      • Specifying Access Methods for Employees
      • Configuring End Point Control for Employees
      • Configuring the WorkPlace Appearance for Employees
    • Creating a Partner Community
      • Specifying an Access Method for Partners
      • Configuring End Point Control for Partners
      • Configuring WorkPlace Appearance for Partners
    • Access Control Lists
      • Adding a Rule for Limited Resources
      • Adding an Unrestricted Rule
  • Testing the Deployment Scenario
  • Other Remote Access VPN Scenarios
    • Providing Access to Web Resources
      • Defining Specific Web Resources
      • Web Resources on a Portion of Your Network
      • All Web Resources on Your Network
    • Web-Based File Access to Entire Networks
    • Broad Access to Network Resources
    • Remote Access for Mobile Users
  • Additional Partner VPN Scenarios
    • Access to a Specific Web Resource Using an Alias
    • Web-Based Access to a Client/Server Application
  • End Point Control Scenarios
    • Quarantining Employees on Untrusted Systems
    • Denying Access
  • Access Policy Scenarios
  • Application-Specific Scenarios
    • Providing Access to Outlook Web Access (OWA)
    • Providing Access to Voice Over IP (VoIP)
    • Providing Access to Windows Terminal Services or Citrix Resources
  • Authentication Scenarios
    • Using Multiple Realms vs Single Realm
  • Access Component Provisioning
    • Deploying the Same Agents to All Users
    • Deploying Different Agents to Different Users
• SonicWall Support
  • About This Document

Single Sign-On

Single Sign-On (SSO) is an option that controls whether user credentials are forwarded to back-end Web resources. Configuring the appliance to use SSO prevents the user from having to log in multiple times (once to get to the appliance, and again to access an application resource).

The ability to support dynamic run time forms using SSO authentication has been added. This feature provides logged-in users the capability to Single Sign On to web applications that use HTML forms. For more details on how to configure SSO authentication, refer to the SMA 12.4 Administration Guide.

The appliance supports several types of Web-based SSO:

• Basic authentication forwarding is a widely supported form of authentication forwarding, but is not very secure because it sends passwords in the clear across the network. The appliance can be configured to send each user’s unique authentication credentials, or static credentials (that is, the same credentials for all users). Basic authentication forwarding is configured within a Web application profile, which is assigned to one or more application resources in AMC.
• Domain authentication forwarding provides a secure method for sending Windows network credentials to a Microsoft IIS (Internet Information Services) Web server. NTLM (Windows NT LAN Manager, also known as Windows NT challenge/response authentication) uses a challenge/response mechanism to securely authenticate users without sending passwords in the clear across the network. Domain authentication forwarding passes a Windows domain name along with the user’s authentication credentials.