SSO Agent Server RODC

Pippo
Pippo Posts: 11
First Anniversary Friend Collector First Comment
Hi :) , does the SSO agent work if installed on a server with RODC role?

Best Answers

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,444  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Hi @Pippo,
    When user login domain, it will generate security events (ID:4768) on domain controllers and SSO Agent get local domain controller security events log directly. 
    It works on RODC as long as RODC have windows user login event 4768 and be able to get the groups information of users via LDAP.

  • Pippo
    Pippo Posts: 11
    First Anniversary Friend Collector First Comment
    Answer ✓
    @Zyxel_Cooldia :) so you confirm me that the agent in the rodc domain environment can work? 

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,444  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Hi @Pippo,
    When user login domain, it will generate security events (ID:4768) on domain controllers and SSO Agent get local domain controller security events log directly. 
    It works on RODC as long as RODC have windows user login event 4768 and be able to get the groups information of users via LDAP.

  • Pippo
    Pippo Posts: 11
    First Anniversary Friend Collector First Comment
    Answer ✓
    @Zyxel_Cooldia :) so you confirm me that the agent in the rodc domain environment can work? 
  • jasailafan
    jasailafan Posts: 191  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    It’s highly related to Windows AD setting. 
    Written permission for SSO agent is not required, as long as SSO agent can get security event and groups information of users.

Security Highlight