Iam sso internet working with non ad account

Newbie554938 Lv1Posted 12 Nov 2019 19:56

Internet still working after user logs in to pc using local admin account.

User logs in with ad account. He is sso recognized. He switches to non domain local pc account. But internet still working. Upon accessing the lan interface ip of iam the portal identifies that session with domain account.

Sangfor_Brando has solved this question and earned 20 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

As mentioned by Darrel_IAM above, some SSO cannot detect user logout activities, kindly PM him.
Is this answer helpful?
Sangfor_Brando Lv4Posted 13 Nov 2019 09:22
Hi, if you are using Domain SSO or IWA SSO, kindly logout the user on IAM first as it will remain online in the IAM, or if you want to logout the user in IAM after user has logoff the domain account, you may use script SSO.

For logging out user in  Domain SSO or IWA SSO, you may use the following methods to logout:

Many thanks.
Darrel_IAM Lv2Posted 13 Nov 2019 22:46
Hi Bro:
      Thanks for sharing your experience with us.
      Regarding the issue that U mention, we have support different kinds of SSO for AD, some SSO can't detect user logout activities,  so if you wish users switch to a local account, they can't connect to the Internet or another purpose, Please kindly PM me.  let me find out some solution for you.
Soviet Lv1Posted 14 Nov 2019 03:26
Thanks all for your  replies. I will try above mentioned solutions. i am using domain sso and iwa.
no script sso as of now.

Actually we are usign TMG and we want to replacce it. at the moment if a user logs in with domain account he gets internet access transparently after loggin in to windows. no manual password etc is entered.

once he switch user to a local pc user or logs out of ad account and logs in with local account his internet stops and he gets prompt for username password in browserse etc.

in sangfor if he logs in with domain account sso works and his browsing works.
Howver if he "SWITCH USER ACCOUNT" or logs of his ad account and logs in with local account he is still able to browser. in  sangfor in online users the accesss is shwon from the ad account htat was previously used on that machine irrespective of the fact that the user has loged out of his ad account on his pc.

is above behaviour normal for sangfor ?

I Can Help:


Moderator on This Board


Started Topics




Started Topics



Board Leaders