Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=AuthenticationExcludeSSOUserSTAS

Exclude users or IP addresses from SSO in STAS

We recommend excluding service users, such as software distribution systems and log collectors, and IP addresses that do authentication on behalf of users, such as Microsoft Exchange. If you don't exclude such users and IP addresses, when they authenticate a new user, Sophos Transparent Authentication Suite (STAS) authenticates the new user and signs out the previously authenticated user.

To exclude users or IP addresses from single sign-on (SSO) in STAS, do as follows:

  1. On your domain controller, open STAS.
  2. Go to Exclusion list.
  3. Under Login user exclusion list, click Add to exclude a user.
  4. Enter the username, then click OK.
  5. Under Login IP address / network subnet mask exclusion list or Logoff IP address / network subnet mask exclusion list, click Add to exclude an IP address.
  6. Enter the IP address and subnet mask in CIDR notation, for example, 192.168.100.100/24, then click OK.
  7. Click Apply, click OK, then click Yes.