Resources; Users And Groups; Authentication - SonicWALL SMA Planning Manual

• Single Sign‐On on page 10
• Sharing Configuration Data on page 10
• Role‐based Administration on page 10
• System Monitoring and Logging on page 10

Resources

The SonicWall SMA appliance manages a wide variety of corporate resources in three main categories:
• Web resources—Applications or services that run over the HTTP or HTTPS protocol such as Microsoft
Outlook Web Access
• Client/server resources—Enterprise applications that run over TCP/IP, such as Citrix, and Voice over
Internet Protocol (VoIP) telephony applications
• File shares—Network servers or computers containing shared folders and files
When specifying a resource type, keep the intended audience in mind. For example, you can give business
partners narrow access to a Web application by defining a URL as a resource (and even alias the host name for
an extra measure of security).
To give remote employees broader access, you could define the network segment in which the Web application
is located as a domain, IP range, or subnet resource. Employees would then have access to all of the Web
resources in that domain.
Users and Groups
A user is an individual who needs access to resources on your network, and a group is a collection of users. After
you've created users or user groups on the appliance that are mapped to an external authentication server, you
can reference them in access control rules to permit or deny them access to resources. You can even form
dynamic groups if you want to reference a user population that isn't already defined in the external directory.

Authentication

Authentication is the process of verifying a user's identity. To manage user authentication with the appliance,
use AMC to define one or more external authentication servers (also known as directory servers or user stores)
that contain the credentials for your user population. The actual management of the user information is still
done on your authentication servers; the appliance makes use of that information to authenticate users.
Creating an authentication realm in AMC also involves specifying an authentication method
(username/password or one‐time password, token or smart card, or digital certificate).
The SMA appliance supports these directories and authentication methods:
• LDAP with username/password supports LDAP Certificate
• Dell Defender
• SAML CA SiteMinder
• RADIUS PhoneFactor with username/password or token‐based authentication such as SecurID or SoftID
• Microsoft Active Directory with username/password, configured with either a single root domain, or one
or more subordinate (child) domains
• Public Key Infrastructure (PKI) with digital certificate
SonicWall SMA Connect Tunnel 12.0 Deployment Planning Guide
About SonicWall SMA Connect Tunnel
7