About Single Sign-On (SSO)
When users log on to the computers in the network, they must give a user name and password. If the Active Directory authentication is used with the Zyxel security appliances to restrict outgoing network traffic to specified users or groups, users are required to complete an additional step: they must manually log in again to authenticate to the Zyxel security appliance and get access to network resources or the Internet. Single Sign-On (SSO) can be utilized in this case to simplify the log-in process for users. With SSO, users on the trusted or optional networks provide their user credentials just one time (when they log on to their computers) and are automatically authenticated to the USG device.
Benefits
- Simplified single sign in to multiple resources
- Improved user experience without repetitive logging in various web browsers
- Secure communication via shared key encryption for data transmission protection
- Login mechanism works with any protocol, not just HTTP
About the SSO Agent
To use SSO, the SSO Agent is required to be installed on a Microsoft Active Directory domain controller server in the network. The SSO Agent will run as a domain user account with Domain Admin privileges. With these privileges, when users try to authenticate to the network domain, the SSO Agent can query the client computer and provide those user credentials to the Zyxel security appliance. When you install the SSO Agent, make sure that it runs as a user with Domain Admin privileges.
- Microsoft Active Directory versions: Windows 2008/2008 R2/2012 Server
* License subscription fee and permits may vary by country.
* SSO service will be end of software service by the end of September 2022.