Athena SWG (formerly Internet Access Gateway) ensures visibility and control across the network, detecting risks like unauthorized access, non-compliant activities, and data leaks to manage endpoints.
The IAG can work with another IAG or an SG to implement authentication. Two Sangfor devices are deployed, one for authentication and the other for audit and control. After a user is authenticated on the authentication IAG, the audit and control IAG can synchronize the user information from the authentication IAG for audit and control. See the following figure. (IAG A is used for authentication, while IAG B is used for audit and control.)
The data flow is as follows:
A PC logs in to or logs out of IAG A.
The PC notifies IAG B of user login or logout to implement SSO.
The procedure is as follows:
Step 1. Set the authentication policy. Navigate to Access Mgt > Authentication > Web Authentication > Authentication Policy and click Add to set the authentication policy according to the IP or MAC addresses of the users who require SSO.
Step 2. Choose Users > Single Sign On SSO > SANGFOR Devices and perform configuration.
Select Receive user credentials from other Sangfor appliances and set the shared key. See the following figure.
Then, IAG B can receive authentication information from IAG A. This keeps authentication information consistent between the two IAGs.
Step 3. For IAG A deployed in bridge mode, select Send users credential to other Sangfor appliances and set the related device IP address and the shared key. See the following figure.
Then, IAG A can forward all the authentication information to IAG B so that IAG B, deployed in bypass mode, can identify online users and stay synchronized with IAG A. If IAG B is a Sangfor Internet access optimization device deployed in bypass mode, users can access some data only through a proxy. The proxy server is set on IAG B and authenticates users on IAG B. In this case, users authenticated by IAG A are also authenticated by IAG B. Then, the users can access the data using the proxy server because the information about online users is shared between IAG A and IAG B.