RADIUS is a client-server protocol for user authentication. For RADIUS authentication, users either provide a user name and password, or their devices must have a digital certificate. If you use RADIUS for user authentication to wireless access points or other RADIUS clients, and your firewall policies restrict outgoing traffic to specified users or groups, your users must manually log in again to authenticate to the Firebox, before they can connect to network resources or the Internet. To simplify the login process for your users, you can use RADIUS Single Sign-On (RSSO) to automatically authenticate users when they authenticate to a RADIUS client. With RADIUS SSO, your users on the trusted or optional networks provide their user credentials one time (when they connect to the wireless access point or other RADIUS clients) and they are automatically authenticated to your Firebox.
RADIUS SSO does not require you to enable RADIUS authentication on the Firebox. For RADIUS SSO, users authenticate with a separate RADIUS client, usually a wireless access point or switch on your internal network configured with 802.1X port-based authentication. Because the RADIUS client communicates with the RADIUS server to authenticate the users, it is not necessary to enable RADIUS authentication on the Firebox. The RADIUS server forwards accounting messages to tell the Firebox when a user has authenticated, and the Firebox automatically creates a Firewall session for the user.
