To use Single Sign-On (SSO), you must install the WatchGuard SSO Agent, which is a service that receives requests for Firebox authentication and checks user status with the Active Directory server.
The SSO Agent service must be run as a user account that is a member of the Domain Admins group. We recommend that you create a new user account for this purpose, and then add the user to the Domain Admins group. For the SSO Agent service to operate correctly, configure the user account with these properties:
- Add the account to the Domain Admins group.
- Make the Domain Admins group the primary group.
- Allow the user account to log on as a service.
- Set the password to never expire.
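
The following PowerShell check audits an account against the four properties listed above. It is an added example, not WatchGuard code. It assumes a hypothetical account name `svc-wgsso`, the RSAT ActiveDirectory module, and an elevated session on the server that hosts the SSO Agent.

```powershell
# Added example, not WatchGuard code. 'svc-wgsso' is a hypothetical account name.
# Run elevated on the server that hosts the SSO Agent, with the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Test-SsoAgentAccount {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName -Properties PasswordNeverExpires, PrimaryGroup, MemberOf
    # Resolve Domain Admins by its well-known RID (512) so renamed or localized groups still match.
    $da = Get-ADGroup -Identity "$((Get-ADDomain).DomainSID.Value)-512"

    # A user's primary group is not listed in MemberOf, so check both attributes.
    $isPrimary = $user.PrimaryGroup -eq $da.DistinguishedName
    $isMember  = $isPrimary -or ($user.MemberOf -contains $da.DistinguishedName)

    # Export the local user-rights assignment and look for the account SID under SeServiceLogonRight.
    # A right granted only through a group is not detected by this direct-SID match.
    $cfg = Join-Path $env:TEMP ("rights-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        $line = Get-Content $cfg | Where-Object { $_ -match '^SeServiceLogonRight\s*=' }
        $hasRight = [bool]($line -and ($line -split '[=,]').Trim().TrimStart('*') -contains $user.SID.Value)
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }

    [pscustomobject]@{
        Account              = $user.SamAccountName
        InDomainAdmins       = $isMember
        DomainAdminsPrimary  = $isPrimary
        LogOnAsService       = $hasRight
        PasswordNeverExpires = [bool]$user.PasswordNeverExpires
    }
}

Test-SsoAgentAccount -SamAccountName 'svc-wgsso' | Format-List
```

All four boolean fields should read True before you start the SSO Agent service. Because the account holds Domain Admins rights with a non-expiring password, the same output works as a periodic audit record for it.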
To install the SSO Agent software:
- Download the SSO Agent software from http://www.watchguard.com/.
- Install the SSO Agent software.
- Enable SSO on your XTM device.