Ways to Authenticate Users for Web Filtering

Question

Currently the FGT is setup with LDAP and I'm able to add admin users to the firewall for authentication for management.  Is there a way, if for example the FGT is 192.168.100.1, to have end users go to http://192.168.100.1 and sign in with their credentials on the FGT in tab 1 of their browser, and then launch tabs 2-5 for instance and the authentication credentials from tab 1 carry over?  So users don't have to authenticate for every website they visit.  I know about FSSO but that's not an option at this point (5 computers all logged in as admin but with 5 different users actively using the computers so it needs to be based on the person who's launching the browser).  I was thinking of enabling NTLM fallback for authentication on all the outbound policies but not sure that correct solution.  Also, how deep would nested groups be supported in this scenario?

koelschman · Answer

Hello, have a look at ip based authentication as authentication scheme. So you only have to login one time, when first trying to surf to an website. Afterwards the clients is still authenticated until idle timeout occurs.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded