Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=authentication-STAS-SSO-exclude-user

Exclude users or IP addresses from SSO in STAS

We recommend excluding service users, such as software distribution systems and log collectors, and IP addresses that do authentication on behalf of users, such as Microsoft Exchange. If you don't exclude such users and IP addresses, when they authenticate a new user, Sophos Transparent Authentication Suite (STAS) authenticates the new user and signs out the previously authenticated user.

To exclude users or IP addresses from single sign-on (SSO) in STAS, do as follows:

  1. On your domain controller, open STAS.
  2. Go to Exclusion list.
  3. Under Login user exclusion list, click Add to exclude a user.
  4. Enter the username, then click OK.
  5. Under Login IP address / network subnet mask exclusion list or Logoff IP address / network subnet mask exclusion list, click Add to exclude an IP address.

  6. Enter the IP address and subnet mask in CIDR notation.

    Example

    To exclude the IP address 192.168.100.100, enter 192.168.100.100/32.

  7. Click OK.

  8. Click Apply, click OK, then click Yes.