The Zyxel SSO Solution
To realizing single sign-on authentication with Zyxel security appliances in your network, it needs to include these components: SSO Agent and the Next-Gen USG device or ZyWALL VPN Firewall.
When users log on to the computers in the network, they must give a user name and password. If the Active Directory authentication is used with the Zyxel security appliances to restrict outgoing network traffic to specified users or groups, users are required to complete an additional step: they must manually log in again to authenticate to the Zyxel security appliance and get access to network resources or the Internet. Single Sign-On (SSO) can be utilized in this case to simplify the log-in process for users. With SSO, users on the trusted or optional networks provide their user credentials just one time (when they log on to their computers) and are automatically authenticated to the USG device.
To use SSO, the SSO Agent is required to be installed on a Microsoft Active Directory domain controller server in the network. The SSO Agent will run as a domain user account with Domain Admin privileges. With these privileges, when users try to authenticate to the network domain, the SSO Agent can query the client computer and provide those user credentials to the Zyxel security appliance. When you install the SSO Agent, make sure that it runs as a user with Domain Admin privileges.