Cisco FirePOWER ASA 5500 series Configuration Manual page 638

Configuring User Attributes
Specifying the SSO Server
Single sign-on support, available only for WebVPN, lets users access different secure services on
different servers without reentering a username and password more than once. The sso-server value
command, when entered in username-webvpn mode, lets you assign an SSO server to a user.
To assign an SSO server to a user, use the sso-server value command in username-webvpn configuration
mode. This command requires that your configuration include CA SiteMinder command.
hostname(config-username-webvpn)# sso-server value server_name
hostname(config-username-webvpn)#
To remove the assignment and use the default policy, use the no form of this command. To prevent
inheriting the default policy, use the sso-server none command.
hostname(config-username-webvpn)# sso-server {value server_name | none}
hostname(config-username-webvpn)# [no] sso-server value server_name
The default policy assigned to the SSO server is DfltGrpPolicy.
The following example assigns the SSO server named example to the user named anyuser:
hostname(config)# username anyuser attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# sso-server value example
hostname(config-username-webvpn)#
Configuring SVC
The SSL VPN Client (SVC) is a VPN tunneling technology that gives remote users the benefits of an
IPSec VPN client without the need for network administrators to install and configure IPSec VPN clients
on remote computers. The SVC uses the SSL encryption that is already present on the remote computer
as well as the WebVPN login and authentication of the security appliance.
To establish an SVC session, the remote user enters the IP address of a WebVPN interface of the security
appliance in the browser, and the browser connects to that interface and displays the WebVPN login
screen. If the user satisfies the login and authentication, and the security appliance identifies the user as
requiring the SVC, the security appliance downloads the SVC to the remote computer. If the security
appliance identifies the user as having the option to use the SVC, the security appliance downloads the
SVC to the remote computer while presenting a link on the user screen to skip the SVC installation.
After downloading, the SVC installs and configures itself, and then the SVC either remains or uninstalls
itself (depending on the configuration) from the remote computer when the connection terminates.
The security appliance might have several unique SVC images residing in cache memory for different
remote computer operating systems. When the user attempts to connect, the security appliance can
consecutively download portions of these images to the remote computer until the image and operating
system match, at which point it downloads the entire SVC. You can order the SVC images to minimize
connection setup time, with the first image downloaded representing the most commonly-encountered
remote computer operating system. For complete information about installing and using SVC, see
Chapter 38, "Configuring SSL VPN
After enabling SVC, as described in
require SVC features for a specific user. This feature is disabled by default. If you enable or require SVC,
you can then enable a succession of svc commands, described in this section. To enable SVC and its
related svc commands, do the following steps in username webvpn configuration mode:
Cisco Security Appliance Command Line Configuration Guide
30-84
Chapter 30 Configuring Tunnel Groups, Group Policies, and Users
Client".
Chapter 38, "Configuring SSL VPN Client", you can enable or
OL-10088-01