How Does SonicWall SSO Agent Work?

The SonicWall SSO Agent can be installed on any workstation with a Windows domain that can communicate with clients and the SonicWall security appliance directly using the IP address or using a path, such as VPN. For installation instructions for the SonicWall SSO Agent, refer to the Installing the SonicWall SSO Agent.

Multiple SSO agents are supported to accommodate large installations with thousands of users. You can configure up to eight SSO agents, each running on a dedicated, high-performance PC in your network.

NOTE: When using NetAPI or WMI, one SSO agent can support up to approximately 2500 users.When configured to read from domain controller security logs, one SSO agent can support a much larger number of users identified via that mechanism, potentially 50,000+ users. The actual number supported in either case depends on: • The performance level of the hardware that the SSO agent is running on, • How it is configured on the firewall, • Other network-dependent factors.

The SonicWall SSO Agent only communicates with clients and the SonicWall security appliance. See How SonicWall SSO Agent Works. SonicWall SSO Agent uses a shared key for encryption of messages between the SSO Agent and the SonicWall security appliance.

IMPORTANT: The shared key generated in the SSO Agent and the key entered in the SonicWall security appliance during SSO configuration must match the SSO Agent-generated key exactly.

How SonicWall SSO Agent Works

The SonicWall security appliance queries the SonicWall SSO Agent over the default port 2258. The SSO Agent then communicates between the client and the SonicWall security appliance to determine the client’s user ID. The SonicWall SSO Agent is polled, at a rate that is configurable by the administrator, by the SonicWall security appliance to continually confirm a user’s login status.