Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
15 If you selected the Authentication Protocol for your RADIUS server as MSCHAP or MSCHAPV2, you have
the option to select Allow password changes. Note that if you enable password changes, you must also
deploy the LAN Manager authentication.
16 Optionally select Enable client certificate enforcement to require the use of client certificates for
login. By checking this box, you require the client to present a client certificate for strong mutual
authentication. Two additional fields appear:
• Verify user name matches Common Name (CN) of client certificate - Select this check box to
require that the user’s account name match their client certificate.
• Verify partial DN in subject - Use the following variables to configure a partial DN that matches
the client certificate:
• User name: %USERNAME%
• Domain name: %USERDOMAIN%
• Active Directory user name: %ADUSERNAME%
• Wildcard: %WILDCARD%
17 Select Delete external user accounts on logout to delete users who are not logged into a domain
account after they log out.
18 Select Auto-assign groups at login to assign users to a group when they log in.
Users logging into RADIUS domains are automatically assigned in real time to Secure Mobile Access
groups based on their external RADIUS filter-IDs. If a user’s external group membership has changed,
their Secure Mobile Access group membership automatically changes to match the external group
membership.
19 Optionally select One-time passwords to enable the One-time password feature. A drop-down list
appears, in which you can select if configured, required for all users, or using domain name. These
are defined as:
• if configured - Only users who have a One Time Password email address configured use the One
Time Password feature.
• required for all users - All users must use the One Time Password feature. Users who do not
have a One Time Password email address configured are not allowed to log in.
• using domain name - Users in the domain use the One Time Password feature. One Time
Password emails for all users in the domain are sent to username@domain.com.
20 If you select using domain name, an E-mail domain field appears following the drop-down list. Type in
the domain name where one-time password emails are sent (for example, abc.com).
21 If you select Technician Allowed, Secure Virtual Assist can be used as a technician in this domain.
22 Click Accept to update the configuration. After the domain has been added, it is listed in the
table on the Portals > Domains page.
23 Click Configure next to the RADIUS domain you added. The Test tab of the Edit Domain page displays.
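
The partial DN option in step 16, modelled as an added example (not SonicWALL code): it shows why a template that binds CN to %USERNAME% rejects another user's certificate, while a template with %WILDCARD% in the CN accepts any certificate from the same domain. The template syntax (comma-separated ATTR=value pairs), the case-insensitive comparison, the rule that every template RDN must appear in the subject, and all function and sample names are assumptions.

```python
import re

# Variables listed in the guide; their values come from the login attempt.
VARS = ("%USERNAME%", "%USERDOMAIN%", "%ADUSERNAME%")

def parse_dn(dn):
    """Split a DN string into (attribute, value) pairs, honouring escaped commas."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().upper(), value.strip().replace("\\,", ",")))
    return pairs

def value_pattern(template_value, login):
    """Turn one template value into a regex; login values are matched literally."""
    out = []
    for token in re.split(r"(%[A-Z]+%)", template_value):
        if token == "%WILDCARD%":
            out.append(".+")                      # any non-empty value
        elif token in VARS:
            out.append(re.escape(login[token]))   # no regex metacharacters leak in
        else:
            out.append(re.escape(token))
    return re.compile("".join(out), re.IGNORECASE)

def partial_dn_matches(template, subject_dn, login):
    """True if every RDN in the template is satisfied by some RDN of the subject."""
    subject = parse_dn(subject_dn)
    for attr, tvalue in parse_dn(template):
        pat = value_pattern(tvalue, login)
        if not any(a == attr and pat.fullmatch(v) for a, v in subject):
            return False
    return True

# Constructed sample data (hypothetical users, domain and templates).
LOGIN = {"%USERNAME%": "jsmith", "%USERDOMAIN%": "corp", "%ADUSERNAME%": "jsmith"}
OWN_CERT = "CN=jsmith, OU=Sales, DC=corp, DC=example"
OTHER_CERT = "CN=adavis, OU=Sales, DC=corp, DC=example"
STRICT = "CN=%USERNAME%, DC=%USERDOMAIN%"
LOOSE = "CN=%WILDCARD%, DC=%USERDOMAIN%"

if __name__ == "__main__":
    for name, tmpl in (("strict", STRICT), ("loose", LOOSE)):
        for cert in (OWN_CERT, OTHER_CERT):
            print(name, "|", cert, "|", partial_dn_matches(tmpl, cert, LOGIN))
```
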