SSO not working (user can access internet on new TAB of browser without login)

ArsalanAli Lv3Posted 22 May 2023 16:15

I have integrated the Active directory users with my Sangfor NGAF, I have created the authentication test policy only on 3 IPs. and int new user authentication I have select "No authentication for new users"
Now users are receiving the sign on page on brower, but when the open new tab without login thay can easily be access youtube, Facebook and everything.

I want to know why its been accessing the internet and how can I block in on these 3 test users.

I want no user can access the internet with out sign on (means no internet for new users)

image_2023-05-22_131527714.png (7.26 KB, Downloads: 499)

image_2023-05-22_131527714.png

By solving this question, you may help 806 user(s).

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

CLELUQMAN Lv4Posted 23 May 2023 11:41
  
check your application control policy , mind sharing the screenshot.
ArsalanAli Lv3Posted 23 May 2023 15:34
  
I have implemented a policy that user IP can not go on internet and when it sign on to its user account can go to internet .... Screenshot is attached

After this policy User internet is block, but there is no option of signon (means SSO screen is not showing)

image_2023-05-23_123416164.png (14.57 KB, Downloads: 467)

image_2023-05-23_123416164.png
Faisal Piliang Posted 23 May 2023 19:26
  
Hi,

If you encounter this error after setting up SSO using profiles, it's likely that your IdP is incorrectly assuming that you're using the SSO profile for your organization. If so, your IdP SSO profile settings may be usable only if you use them to configure the SSO profile for your organization.

Thanks
MTR Lv2Posted 24 May 2023 01:26
  
If you have integrated Active Directory (AD) users with your Sangfor NGAF (Next-Generation Application Firewall) and you want to block internet access for new users until they sign on, you may need to adjust your firewall policies. Here are the steps you can follow:

Access the Sangfor NGAF management interface: Open a web browser and enter the IP address or hostname of your NGAF device to access the management interface.

Navigate to Firewall Policy settings: Look for the Firewall Policy section or similar in the NGAF management interface. This is where you can configure rules to control internet access.

Identify the policy for internet access: Review the existing firewall policies to identify the one responsible for allowing internet access. This policy might have rules allowing access to popular websites like YouTube and Facebook.

Modify the policy to include authentication: Edit the policy that allows internet access and add an authentication requirement to it. This ensures that users must sign in before being allowed internet access.

Specify the AD authentication requirement: Within the policy settings, configure the authentication method to use Active Directory. This ensures that users must authenticate against AD before being granted internet access.

Apply the policy to the test user group: Specify the group or users (in this case, the three test users) who should be subject to the authentication requirement. This will restrict internet access for new users until they sign in successfully.

Test and verify: Test the new configuration by opening a new tab on the browser without signing in as one of the test users. Verify that access to websites like YouTube and Facebook is blocked until authentication is completed.
ArsalanAli Lv3Posted 26 May 2023 12:56
  
I have put check on "No-Authentication for new User" and issue resolved now

image_2023-05-26_095500334.png (19.06 KB, Downloads: 463)

image_2023-05-26_095500334.png
ArsalanAli Lv3Posted 26 May 2023 12:59
  
I have put the Check on "NO Authentication for New User"  and issue resolve
now only authenticated users can use the Internet
RegiBoy Lv5Posted 29 May 2023 14:41
  
Specify the group or users (in this case, the three test users) who should be subject to the authentication requirement. This will restrict internet access for new users until they sign in successfully.
Zonger Lv5Posted 29 May 2023 14:41
  
If you have integrated Active Directory (AD) users with your Sangfor NGAF (Next-Generation Application Firewall) and you want to block internet access for new users until they sign on, you may need to adjust your firewall policies. Here are the steps you can follow:

Access the Sangfor NGAF management interface: Open a web browser and enter the IP address or hostname of your NGAF device to access the management interface.

Navigate to Firewall Policy settings: Look for the Firewall Policy section or similar in the NGAF management interface. This is where you can configure rules to control internet access.

Identify the policy for internet access: Review the existing firewall policies to identify the one responsible for allowing internet access. This policy might have rules allowing access to popular websites like YouTube and Facebook.

Modify the policy to include authentication: Edit the policy that allows internet access and add an authentication requirement to it. This ensures that users must sign in before being allowed internet access.

Specify the AD authentication requirement: Within the policy settings, configure the authentication method to use Active Directory. This ensures that users must authenticate against AD before being granted internet access.

Apply the policy to the test user group: Specify the group or users (in this case, the three test users) who should be subject to the authentication requirement. This will restrict internet access for new users until they sign in successfully.

Test and verify: Test the new configuration by opening a new tab on the browser without signing in as one of the test users. Verify that access to websites like YouTube and Facebook is blocked until authentication is completed.
Rejie08455 Lv1Posted 29 May 2023 14:45
  
The users can access the internet without authentication because the policy for new users is set to "No authentication." To block access for these specific test users, you need to configure access control rules on Sangfor NGAF to deny internet access for their IP addresses.

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders