Client Authentication
Users who want or should use Client Authentication need to install the Sophos Authentication Agent (SAA) on their client PC or Mac OS computer. The SAA can be downloaded either via this WebAdmin page or via the User Portal. Note that only users who are within the user group of the Client Authentication configuration will find a download link on their User Portal page.
To configure Client Authentication, do the following:
-
On the Client Authentication tab, enable client authentication.
Click the toggle switch.
The toggle switch turns green and the Client Authentication Options area becomes editable.
-
Select the allowed networks.
Add or select the networks that should use Client Authentication. Note that those networks need to be directly connected to Sophos UTM for Client Authentication to work. For how to add a network definition, see Definitions & Users > Network Definitions > Network Definitions.
-
Select the allowed users and groups.
Select single users or groups or add new users into the Allowed Users and Groups box. This can be also your already existing authentication group, e.g. an Active Directory user group. For how to add new users or groups, see Definitions & Users > Users & Groups > Users.
-
Click Apply.
Your settings will be saved.
Client Authentication is now available for the selected networks.
Client Authentication Program
When Client Authentication is enabled, you can download the Sophos Authentication Agent (SAA) here. You can either distribute the SAA manually or have your users download the client from the User Portal.
Download EXE: Downloads the Client Authentication program including the CA certificate for direct installation on client PCs. This is the same file as can be downloaded from the User Portal.
Download MSI: Downloads the Client Authentication MSI package. This package is designed for automatic package installation via domain controller (DC) and does not contain the CA certificate.
Download DMG: Downloads the Client Authentication Mac OS X disk image. This image is designed for installation on client computers having an OS X operating system.
Download CA: Downloads the CA certificate that has to be rolled out in addition to the MSI package.
The SAA can be used as authentication mode for the Web Filter. For more information, see Web Protection > Web Filtering > Global.