Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
405
3 Enter a descriptive name for the authentication domain in the Domain Name field. This is the domain
name users select in order to log in to the Secure Mobile Access user portal. It can be the same value as
the Server address field.
4 Enter the IP address or domain name of the server in the Server address field.
5 Enter the search base for LDAP queries in the LDAP baseDN field. An example of a search base string is
CN=Users,DC=yourdomain,DC=com.
6 Enter a Server address for a server that has been delegated control of the container in which that server resides.
7 Enter the user name along with the corresponding password in the Login user name and Login
password fields.
8 Enter a Backup Server address.
9 Enter the backup user name along with the corresponding backup password in the Login user name and
Login password fields.
10 Select the name of the portal in the Portal name field. Additional layouts can be defined in the Portals
> Portals page.
11 Select Allow password changes (if allowed by LDAP server) if you want to be able to change users’
passwords. The admin account must be used when changing user passwords.
12 Optionally select Use SSL/TLS. This option enables the SSL/TLS encryption required for Active Directory
password exchanges. Without it, the bind credentials and user passwords travel to the directory server in
cleartext, and Active Directory refuses password changes over an unencrypted LDAP connection. This check
box should be enabled when setting up a domain using Active Directory authentication.
13 Optionally select Enable client certificate enforcement to require the use of client certificates for
login. By checking this box, you require the client to present a client certificate for strong mutual
authentication. Two additional fields appear:
• Verify user name matches Common Name (CN) of client certificate - Select this check box to
require that the user’s account name match their client certificate.
• Verify partial DN in subject - Use the following variables to configure a partial DN that matches
the client certificate:
• User name: %USERNAME%
• Domain name: %USERDOMAIN%
• Active Directory user name: %ADUSERNAME%
• Wildcard: %WILDCARD%
14 Select Delete external user accounts on logout to delete, at logout, the accounts of users who
authenticated externally rather than through a local domain account.
15 Select Only allow users listed locally to allow only users with a local record in the Active Directory to
log in.
16 Select Auto-assign groups at login to assign users to a group when they log in.
Users logging into Active Directory domains are automatically assigned in real time to Secure Mobile
Access groups based on their external AD group memberships. If a user’s external group membership has
changed, their Secure Mobile Access group membership automatically changes to match the external
group membership.
TIP: It is possible for multiple OUs to be configured for a single domain by entering each OU on a
separate line in the LDAP baseDN field. In addition, any sub-OUs are automatically included when
their parent OU is added to this field.
NOTE: Do not include quotes (“”) in the LDAP BaseDN field.
NOTE: When entering Login user name and Login password, remember that the SMA/SRA
appliance binds to the LDAP tree with these credentials and users can log in with their SMA
AccountName.
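The following is an added example, not Dell SonicWALL code, that models two of the settings above offline: the LDAP baseDN field rules from the TIP and NOTE (one search base per line, no quotes, sub-OUs covered by a listed parent), and the two client certificate checks from step 13 (user name must match the certificate CN; partial DN with %USERNAME%, %USERDOMAIN%, %ADUSERNAME% and %WILDCARD%). The exact matching rules the appliance applies are not stated on this page, so the semantics implemented here (case-insensitive comparison, %WILDCARD% matching any value of that attribute, every template RDN required to appear in the subject) are assumptions made for the example; the sample subject DN and baseDN text are constructed.

```python
"""Added example (not Dell SonicWALL code): offline checks mirroring the
LDAP baseDN field rules and the client-certificate DN checks described
in the SMA authentication domain procedure. Matching semantics are an
assumption for this example, not documented appliance behaviour."""
import re


def parse_rdns(dn):
    """Split an RFC 4514 DN into (ATTR, value) pairs, honouring '\\,' escapes."""
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        part = part.strip()
        if not part:
            continue
        attr, sep, value = part.partition('=')
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.replace('\\,', ',').strip()))
    return rdns


def is_descendant(child, parent):
    """True if `child` lies below `parent` in the tree (parent is a suffix)."""
    c, p = parse_rdns(child), parse_rdns(parent)
    return len(c) > len(p) and c[-len(p):] == p


def parse_base_dn_field(field_text):
    """Return the effective search bases from the LDAP baseDN text box.
    Rejects quotes (NOTE) and drops lines already covered by a parent OU
    on another line, since sub-OUs are included automatically (TIP)."""
    bases = []
    for line in field_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if any(q in line for q in ('"', '\u201c', '\u201d')):
            raise ValueError(f"quotes are not allowed in the LDAP baseDN field: {line}")
        parse_rdns(line)  # raises if the line is not a DN at all
        if line not in bases:
            bases.append(line)
    return [b for b in bases
            if not any(o != b and is_descendant(b, o) for o in bases)]


def cn_matches_user(subject_dn, username):
    """'Verify user name matches Common Name (CN) of client certificate'.
    Case-insensitive comparison is an assumption for this example."""
    cns = [v for a, v in parse_rdns(subject_dn) if a == 'CN']
    return any(cn.lower() == username.lower() for cn in cns)


def partial_dn_matches(template, subject_dn, username, userdomain, adusername):
    """'Verify partial DN in subject': substitute the login variables into
    the template, then require every template RDN to appear in the
    certificate subject. %WILDCARD% accepts any value for that attribute.
    These rules are assumed for the example."""
    subst = {'%USERNAME%': username, '%USERDOMAIN%': userdomain,
             '%ADUSERNAME%': adusername}
    filled = template
    for var, val in subst.items():
        filled = filled.replace(var, val.replace(',', '\\,'))  # keep DN parseable
    subject = parse_rdns(subject_dn)
    for attr, want in parse_rdns(filled):
        have = [v for a, v in subject if a == attr]
        if want == '%WILDCARD%':
            if not have:
                return False
        elif not any(v.lower() == want.lower() for v in have):
            return False
    return True


# Constructed sample data for the demo below.
SAMPLE_SUBJECT = "CN=jsmith,OU=Sales,OU=Users,DC=yourdomain,DC=com"
SAMPLE_BASEDN_FIELD = ("OU=Sales,DC=yourdomain,DC=com\n"
                       "CN=Users,DC=yourdomain,DC=com\n"
                       "OU=West,OU=Sales,DC=yourdomain,DC=com")

if __name__ == "__main__":
    print(parse_base_dn_field(SAMPLE_BASEDN_FIELD))
    print(cn_matches_user(SAMPLE_SUBJECT, "jsmith"))
    print(partial_dn_matches("CN=%USERNAME%,OU=%WILDCARD%,DC=yourdomain,DC=com",
                             SAMPLE_SUBJECT, "jsmith", "yourdomain", "jsmith"))
```

Run the module directly to see the effective search bases (the OU=West line is dropped because OU=Sales already covers it) and the two certificate checks against the constructed subject; feed it a quoted baseDN line to see the NOTE's rule enforced.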