Authentication: Single-Sign On for Astaro Authentication Agent
Expand the Astaro Authentication Agent to (optionally) use the currently logged on Windows credentials instead of manually entering credentials.
MichaelR
shared this idea
16 comments
-
Stephen Norman
commented
This would also be useful to see on OS X now that the authentication agent is going to be available in Sophos UTM 9.1.
-
Marcus Schenk
commented
We'd like this too, since AAA should be very easy for the end user and having to enter a password every login is annoying for them so they won't accept it. Acceptance would be greater if we stored the password, but in a policy based AD network where passwords are changed every x months you cannot have multiple users to always keep their stored passwords in sync. Other than that I dont know if it's a security risk to have this password stored, dont know what technique is used by sophos. So SSO for AAA would be highly appreciated!
-
adam.gabriel
commented
Since eDir SSO is so broken (eDir's fault) this is still on the top of my needs list. Any chance this will ever happen?
-
Kevin Salisbury
commented
The Winlogon idea seems like a good one even for those of us on Linux and/or eDirectory.
-
Ludovic Peny
commented
Maybe a Winlogon compatibility to allow to the agent to catch the credentials at the login prompt.
Eventually the SAA can also be a feature of the UTM Endpoint. -
Kris Hanson
commented
This would add the flexibility one of our customers requires...otherwise it is a feature we cannot look to at this time...
-
Alexis
commented
This way this authentication could be used also for other features in the NSG : associated users to FW rules for example, include authentication for ssh connections, ...
-
Matias
commented
If the AAA don't have Multi-user support the Astaro firewall is useless for schools...
-
Bob Alfson
commented
This is especially important to opportunities with larger companies.
We need to be able to use "Backend Group (User Group Network)" objects in Firewall, Application Control, QoS, etc. rules without syncing users to the ASG.
-
Blackbird_71
commented
In the world of Microsoft and AD domains, this feature is a must if any web filtering is to be logged appropriately. Please help make this more of a priority.
-
Stephen W
commented
It would also be nice if the Astaro Agent installed as a Windows Service to Authenticate the logged on user. I have workstations with multiple users and each one has to install the Astaro Agent as it installs in the Users Profile.
-
CANDERSON
commented
I know a certain other product does this by running an agent on the DC - it detects event log entries that map IP address to username based on logon and logoff. The agent then sends those to the web filter appliance. This is probably not perfect, but seems to run alot more smoothly than what we have astaro doing today. It would be alot more transparent to the users too.
-
Anonymous
commented
Just starting to look at AAA now, but it would be great if it could use windows/domain credentials.
If the client should be distributed on a network the installation should be possible to run silent. Maybe it is possible already, but havent found any info about it yet.
