Re: FSSO DC Agent Mode, how to handle user logins from "non-domain-joined" devices?
There I see plenty of possibilities, but you have to think about what you have on hand.
- the MacBooks can be joined to domain and utilize FSSO fully
- those BYODs are probably connected to WiFi, which might be RADIUS authenticated towards NPS on the DC, so users log in with their corporate creds, so RSSO can be applied
- how about NTLM through the Collector in policies, so those with a capable browser and with settings where the FGT is in trusted NTLM URLs will provide creds to the FGT via NTLM automatically whenever a 401/407 auth required happens; others will be prompted
- how about a Kerberos-based Negotiate auth model in explicit proxy
... just to name 4 different approaches which came to my mind during a few minutes of thinking.
So check your resources and then choose the path most suitable to your needs.
BTW: nobody was interested for the past two days as we enjoyed a weekend. No big thrill, but still a pleasant 2 days.