SSO not working (user can access internet on new TAB of browser without login)

ArsalanAli Lv3Posted 22 May 2023 16:15

I have integrated the Active directory users with my Sangfor NGAF, I have created the authentication test policy only on 3 IPs. and int new user authentication I have select "No authentication for new users"
Now users are receiving the sign on page on brower, but when the open new tab without login thay can easily be access youtube, Facebook and everything.

I want to know why its been accessing the internet and how can I block in on these 3 test users.

I want no user can access the internet with out sign on (means no internet for new users)

image_2023-05-22_131527714.png (7.26 KB, Downloads: 498)

image_2023-05-22_131527714.png

By solving this question, you may help 806 user(s).

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

sumran Lv2Posted 30 May 2023 12:22
  
please remove the SSO and make the policy for the blocking of internet then it works
Taha Lv2Posted 30 May 2023 12:15
  
please review your SSO policy .it looks the problem at your policy .
Bebe_Bote Lv3Posted 30 May 2023 00:28
  
Specify the users that needs authentication and once authenticated can connect to the internet.
jetjetd Lv5Posted 30 May 2023 00:20
  
Just input the IP address or hostname of your NGAF device.
Farina Ahmed Lv5Posted 29 May 2023 15:38
  
1) Review policy configuration to ensure SSO traffic is not inadvertently blocked.
2) Whitelist SSO traffic by creating exceptions or allowing necessary ports/protocols/URLs.
3) Check network connectivity between user devices and SSO server.
4) Verify proper Active Directory integration and SSO authentication settings.
5) Monitor NGAF logs for blocked SSO traffic or authentication failures.
6) Review SSO configuration and consult documentation or vendor for guidance.
7) Contact Sangfor technical support for further assistance if the issue persists.
Garfield Lv1Posted 29 May 2023 15:26
  

To prevent the internet access of the 3 test users who bypassed authentication, you can create access control rules on Sangfor NGAF to block their IP addresses from accessing specific websites or the internet entirely.
VanFlyheights Lv3Posted 29 May 2023 15:02
  
Your IdP SSO profile settings may be usable only if you use them to configure the SSO profile for your organization.
Natsu Dragneel Lv3Posted 29 May 2023 14:59
  
In the NGAF management interface, look for the Firewall Policy section or something similar. This is where you may configure internet access rules.
BitCloud Lv3Posted 29 May 2023 14:56
  
Access the Sangfor NGAF management interface: Open a web browser and enter the IP address or hostname of your NGAF device to access the management interface.
Adonis001 Lv3Posted 29 May 2023 14:52
  
Specify the AD authentication requirement: Configure the authentication method to utilize Active Directory inside the policy settings. This guarantees that before being allowed internet access, users must verify against AD.

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders