
VPN Clientless Access Bookmark - credentials

Is it on the roadmap to support single sign on or using the logged in credentials for bookmarks in the User Portal/Clientless Access? 

I would like to be able to allow a few users to log in to the User Portal and use the HTML5 RDP bookmark to remote into their desktops. The problem is that currently, the only way to accomplish this, to my knowledge, is to either disable NLA on their desktops and use the RDP Protocol Security on the bookmark or to save the credentials on the appliance for the NLA Protocol Security. The former is insecure and would show up on any internal audit, and the latter would require collecting user passwords and updating them every time they change. Neither of these is ideal.

The user already has to log on to the User Portal... Why not allow me to use those credentials?




[locked by: KingChris at 4:46 PM (GMT -8) on 10 Dec 2019]
[unlocked by: KingChris at 4:48 PM (GMT -8) on 10 Dec 2019]
[locked by: KingChris at 4:50 PM (GMT -8) on 10 Dec 2019]
  • "If you are requesting to have SMB bookmarks use the same credentials as the user signed on, then you will need to submit a feature request."

     

    Sorry, what other credentials would they use exactly if not their own? Some sort of shared credentials?

    Are you a security company or not? It's really hard to tell sometimes with the advice I get on this forum...

    I guess I naively thought that signing on to a device that supports single sign on, and also supports SMB shares, that it would use those credentials to log onto those shares. What a fool I am HAHAHA....

    At least you could throw up a dialog box to allow users to put in some credentials themselves. All I get is "authentication failed", but it didn't like you know, even try.

    Basically, if you don't turn on authentication and use a shared password that is saved on the bookmark, this feature just does not work? I have trouble understanding how useless this "feature" is so I think maybe there is something wrong with me or my understanding of this? Because how could such a useless thing even be there. Is there some environment out there where people log onto fileservers with the same username and password for the whole company? That is who you have designed this for????

  • Hi  

    The device does support SSO.  You are not using a feature that supports SSO.

    If you would like SMB shares to support individual SSOs then please go to https://ideas.sophos.com and submit a request there.  Product management will then take it under advisement.

    This feature is primarily used for access to file shares for contractors or people whose software policies do not allow them to install software.  It is also for use by people in countries where governments do not allow VPN access.

    As your question is answered, this thread will now be locked.

  • Further to the reply above, if you would like to use individual credentials for each SMB share you create, you can do so.  You can create an SMB share for each user that has access to that bookmark.  You can then use a unique user account per bookmark.