
VPN Clientless Access Bookmark - credentials

Is it on the roadmap to support single sign on or using the logged in credentials for bookmarks in the User Portal/Clientless Access? 

I would like to be able to allow a few users to log in to the User Portal and use the HTML5 RDP bookmark to remote into their desktops. The problem is that currently, the only way to accomplish this, to my knowledge, is to either disable NLA on their desktops and use the RDP Protocol Security on the bookmark or to save the credentials on the appliance for the NLA Protocol Security. The former is insecure and would show up on any internal audit, and the latter would require collecting user passwords and updating them every time they change. Neither of these is ideal.

The user already has to log on to the User Portal... Why not allow me to use those credentials?




[locked by: KingChris at 4:46 PM (GMT -8) on 10 Dec 2019]
[unlocked by: KingChris at 4:48 PM (GMT -8) on 10 Dec 2019]
[locked by: KingChris at 4:50 PM (GMT -8) on 10 Dec 2019]
  • Hi Rick,

    Let me confirm this and come back to you with an answer.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Just got a new XG unit and went to set up bookmarks for SMB and RDP and also found the lack of passthrough credentials frustrating.  I hope there is a workaround.

  • Please fix this. It makes bookmarks useless if the user can't enter his/her credentials or there is no passing of the credentials used to log in to the portal.

  • It's September 2018 - Single Sign On is a thing. You can't be expected to make a bookmark for each of your users. Or to have them have to enter their credentials twice. That's just crazy. Get with the times, Sophos.

  • As far as I know, there are some plans to implement such features in the future, but I am not aware of any time frames.

    Personally speaking, I do not use the HTML5 Portal quite often, just because it is no alternative for other VPN RAS technologies like SSL or IPsec.


  • Of course a VPN is better in terms of access, but for the casual remote worker the complexities of allowing a VPN on an untrusted device are too high.  An SSL remote access portal is meant to give controlled access to specific resources on the corporate LAN without a wide open VPN.

  • But: You are giving the same kind of access with HTML5 to any user? They can easily access the HTML5 Portal with an infected client and get access to the corporate network.

    Nevertheless, here in Germany, most companies cannot allow employees to use personal computers to access company data. And this is most of the time the use case for HTML5: giving private / personal devices access to company resources. And as an admin I would not allow such access to my network (e.g. zero trust).

    Sorry for starting an off-topic conversation about this feature.


  • Is there any update on this?

    I'm unsure if I got it right, the SMB bookmarks are implemented but don't work at all?

    The only possibility is to enter the credentials directly into the bookmark configuration and then no access control is possible and you cannot retrace who made changes.

  • Can someone from Sophos please confirm if this is indeed never going to work again. You are removing HTTPS bookmarks that don't work, and apparently now I find out the SMB bookmarks also have no way to be working.

    I haven't even tried RDP bookmarks yet...

    Really wish I hadn't renewed my support contract for the next three years on this POS recently. What a lemon these firewalls are becoming, I am going to stop recommending them to people.

  • Hi  

    I have tested SMB bookmarks and have found them to be working perfectly fine.

    If you are requesting to have SMB bookmarks use the same credentials as the user signed on, then you will need to submit a feature request.

    Currently there is no request for this as a feature.

     

    Thanks!

    KingChris
    Community Support | Sophos Support
