Sophos Transparent Authentication Suite (STAS) enables users on a Windows domain to automatically sign in to Sophos Firewall when signing in to Windows. STAS eliminates the need for multiple sign-ins and SSO clients on each client device.
STAS consists of an agent and a collector. The agent monitors user authentication requests and sends information to the collector for authentication. The collector collects the user authentication requests from the agent, processes the requests, and sends them to the firewall for authentication.
Only the agent must run on the domain controller. You can install the collector on any other device. Because the collector generates a high volume of traffic, we don't recommend installing it on the domain controller.
To download STAS, go to Authentication > Client downloads.
STAS doesn't support LDAP over SSL/TLS connections for eDirectory.
Sophos Transparent Authentication Suite settings
To configure Sophos Firewall in a STAS deployment, turn Enable Sophos Transparent Authentication Suite on and click Activate STAS.
STAS quarantine: For incoming traffic, Sophos Firewall sends a request to the STAS agent to check for a user and destination IP address match. Sophos Firewall drops the traffic if the agent doesn't find a match.
Identity probe time-out: Time Sophos Firewall waits for a response from the agent before it drops the traffic.
Default: 120 seconds
Restrict client traffic during identity probe:
- Yes (default): Holds up traffic until the user and destination IP address match is found.
- No: Continues to send traffic to the destination IP address during the identity probe.
Enable user inactivity: Turn on to take action when users are inactive.
Inactivity timer: Signs out users after the specified period (in minutes) of inactivity. Users are considered inactive if they don’t transfer the specified volume of data during this period.
Data transfer threshold: Minimum data (in bytes) that users must transfer during the specified period to be considered active.
To add a collector, click Add new collector.