Skip to content

Live users

Live users are users who are currently signed in to the firewall.

Types of live users

See the live user and client types the firewall offers.

AD SSO (Single sign-on)

When a user accesses a website, the endpoint's currently signed in user is sent to the firewall.

  • AD SSO Kerberos
  • Multi-host client (Per connection AD SSO for multi-user hosts)


Endpoint devices making operating system web requests when a user isn't signed in, such as Windows Update, may send the endpoint device's name in the SSO credentials rather than a username. In this case, you will see the endpoint's name instead of a username in Live users. See NTLM and Kerberos troubleshooting.

Authentication agent

Users are signed in automatically by the client authentication agent (CAA) sending messages to the firewall.

  • Windows
  • macOS
  • Linux
  • Android client
  • iOS client

Captive portal (using browser)

When a user accesses a website, they are prompted for username and password in the web browser.

  • Web client (for endpoint computers)
  • Android web client
  • iOS web client


Users are signed in automatically by the clients sending messages to the firewall.

  • STAS (Sophos Transparent Authentication Suite)
  • Thin client (Sophos Authentication for Thin Client)
  • Heartbeat
  • API


Users reported in the STAS application may be different than Live users in the firewall. See STAS troubleshooting.

SSO (Single sign-on)

Users are signed in automatically by the server sending messages to the firewall.

  • eDirectory SSO
  • Chromebook SSO


  • IPsec VPN
  • L2TP VPN

The live user list shows all the configured clientless users. Deactivated users don't appear on the list. Clientless users are authenticated by their IP address and are displayed when they're configured.

Guest users can sign in through the captive portal.

  • Web client
  • Android web client
  • iOS web client

Disconnect users

To disconnect users, select them, and click Disconnect. You can change the notification text. Click Disconnect again.

If you use Disconnect to disconnect an AD SSO user, it can take up to three minutes before they can sign in again.

To sign out a clientless user, don't click Disconnect. Go to Authentication, and change the specific clientless user’s status to inactive. If you’ve disconnected a clientless user and want to sign in the user again, go to Authentication and change the user’s status to inactive and then to active.

When you disconnect a user manually, a notification is sent to users who've signed in using the client types Authentication agent, Android client, iOS client, and Chromebook SSO.

More resources