
VPN Clientless Access Bookmark - credentials

Is it on the roadmap to support single sign on or using the logged in credentials for bookmarks in the User Portal/Clientless Access? 

I would like to be able to allow a few users to login to the User Portal and use the HTML5 RDP bookmark to remote into their desktops. The problem is that currently, the only way to accomplish this, to my knowledge, is to either disable NLA on their desktops and use the RDP Protocol Security on the bookmark or to save the credentials on the appliance for the NLA Protocol Security. The former is insecure and would show up on any internal audit, and the latter would require collecting user passwords and updating them every time they change. Neither of these is ideal.

The user already has to logon to the User Portal... Why not allow me to use those credentials?
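As an added example (not code from this thread or from Sophos), here is a PowerShell check, run on the Windows desktops themselves, that reports whether RDP still requires NLA and which security layer is configured, so the "disable NLA" workaround described above shows up in an internal audit. The function name `Get-RdpNlaState` is my own, and remote hosts are assumed to allow PowerShell remoting.

```powershell
# Added example, not code from the thread: audit whether RDP on a Windows host
# still requires Network Level Authentication (NLA). Disabling NLA is the
# workaround the original post calls out as insecure, so an audit should flag it.
# Values are read from the registry key the Remote Desktop settings UI writes.

function Get-RdpNlaState {
    [CmdletBinding()]
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    $script = {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
        $p = Get-ItemProperty -Path $key
        # UserAuthentication: 1 = NLA required, 0 = legacy logon screen over RDP
        # SecurityLayer:      0 = RDP security layer, 1 = negotiate, 2 = TLS
        $layer = if ($null -eq $p.SecurityLayer) { 'Unknown' }
                 else { @('RDP', 'Negotiate', 'TLS')[[int]$p.SecurityLayer] }
        [pscustomobject]@{
            Computer      = $env:COMPUTERNAME
            NlaRequired   = ($p.UserAuthentication -eq 1)
            SecurityLayer = $layer
        }
    }

    foreach ($c in $ComputerName) {
        if ($c -eq $env:COMPUTERNAME) { & $script }
        else { Invoke-Command -ComputerName $c -ScriptBlock $script }
    }
}

# Report hosts that would fail the audit: NLA off, or the weak RDP security layer.
Get-RdpNlaState | Where-Object { -not $_.NlaRequired -or $_.SecurityLayer -eq 'RDP' } |
    Format-Table Computer, NlaRequired, SecurityLayer
```

Pass a list of hostnames to `Get-RdpNlaState -ComputerName` to sweep several desktops at once.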




[locked by: KingChris at 4:46 PM (GMT -8) on 10 Dec 2019]
[unlocked by: KingChris at 4:48 PM (GMT -8) on 10 Dec 2019]
[locked by: KingChris at 4:50 PM (GMT -8) on 10 Dec 2019]
  • It's September 2018 - Single Sign On is a thing. You can't be expected to make a bookmark for each of your users. Or to have them have to enter their credentials twice. That's just crazy. Get with the times Sophos.

  • As far as I know, there are some plans to implement such features in the future, but I am not aware of any time frames. 

    Personally speaking, I do not use the HTML5 Portal very often, because it is no alternative to other VPN remote access technologies like SSL or IPsec. 

  • Of course a VPN is better in terms of access, but for the casual remote worker the complexities of allowing a VPN on an untrusted device are too high.  An SSL remote access portal is meant to give controlled access to specific resources on the corporate LAN without a wide-open VPN.

  • But: You are giving the same kind of access with HTML5 to any user? They can easily access the HTML5 Portal with an infected client and get access to the corporate network. 

    Nevertheless, here in Germany most companies cannot allow employees to use personal computers to access company data. And this is most of the time the use case for HTML5: giving private / personal devices access to company resources. And as an admin I would not allow such access to my network (e.g. zero trust). 

    Sorry for starting an off topic conversation about this feature. 

  • Is there any update on this?

    I'm unsure if I got it right, the SMB bookmarks are implemented but don't work at all?

    The only possibility is to enter the credentials directly into the bookmark configuration and then no access control is possible and you cannot retrace who made changes.

  • Can someone from Sophos please confirm if this is indeed never going to work again. You are removing HTTPS bookmarks that don't work, and apparently now I find out the SMB bookmarks also have no way to be working.


    I haven't even tried RDP bookmarks yet...


    Really wish I hadn't renewed my support contract for the next three years on this POS recently. What a lemon these firewalls are becoming, I am going to stop recommending them to people.


  • Hi

    I have tested SMB bookmarks and have found them to be working perfectly fine.

    If you are requesting to have SMB bookmarks use the same credentials as the user signed on, then you will need to submit a feature request.

    Currently there is no request for this as a feature.


    Thanks!

  • "If you are requesting to have SMB bookmarks use the same credentials as the user signed on, then you will need to submit a feature request."


    Sorry, what other credentials would they use exactly if not their own? Some sort of shared credentials?

    Are you a security company or not? It's really hard to tell sometimes with the advice I get on this forum...


    I guess I naively thought that signing on to a device that supports single sign on, and also supports SMB shares, would use those credentials to log onto those shares. What a fool I am HAHAHA....


    At least you could throw up a dialog box to allow users to put in some credentials themselves. All I get is "authentication failed", but it didn't, like, you know, even try.

    Basically, if you don't turn on authentication and use a shared password that is saved on the bookmark, this feature just does not work? I have trouble understanding how useless this "feature" is, so I think maybe there is something wrong with me or my understanding of this? Because how could such a useless thing even be there. Is there some environment out there where people log onto fileservers with the same username and password for the whole company? That is who you have designed this for????

  • Hi

    The device does support SSO.  You are not using a feature that supports SSO.

    If you would like SMB shares to support individual SSOs then please go to https://ideas.sophos.com and submit a request there.  Product management will then take it under advisement.

    This feature is primarily used for access to file shares for contractors or people whose software policies do not allow them to install software.  It is also for use by people in countries where governments do not allow VPN access.

    As your question is answered, this thread will now be locked.

  • Further to the reply above, if you would like to use individual credentials for each SMB share you create, you can do so.  You can create an SMB share for each user that has access to that bookmark.  You can then use a unique user account per bookmark.