uOS 1.38-Captive Portal Enhancements and OIDC Integration

Zyxel_Lynn, Zyxel Employee
edited May 20 in Other Topics

Advanced Captive Portal and OIDC Integration

The latest update for Zyxel H series firewalls introduces significant enhancements to Captive Portal authentication, focusing on security and user flexibility.

OIDC External Group Support

Administrators can now leverage external group users for OpenID Connect (OIDC) authentication, specifically with Microsoft Entra. By mapping Entra "Object IDs" to external group objects on the firewall, administrators can apply granular access policies based on corporate group memberships. Currently, external group support is specific to the Captive Portal.



Sign in as a Different User

To address issues with browser credential caching in public or shared environments, a new "Sign in as a different user" option has been added. This allows users to bypass cached single sign-on credentials and manually enter different account details.


Wall Garden Redesign and Cloud Updates

The Trusted Identity Provider (Wall Garden) configuration has been redesigned for clarity, replacing long lists with simple object entries for Google and Microsoft. To ensure reliability, the firewall now queries a Zyxel cloud database every 7 days (and after reboots) to automatically update the necessary FQDNs for these providers.


Interface Security

Captive Portal is no longer supported on "general type" interfaces. Zyxel recommends using remote access VPNs for traffic originating from external interfaces to maintain a higher security posture.
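
How the Object ID mapping described under "OIDC External Group Support" can be evaluated, as an added example that is not Zyxel's code and not part of the original post. The group table, GUIDs, group names and function names are constructed for illustration, and token signature validation is assumed to have happened already; the example also handles the Entra group overage case, which goes beyond what the post describes.

```python
import base64
import json

# Hypothetical firewall-side table: Entra group Object ID -> external group object.
# All GUIDs and names are constructed for this example.
GROUP_MAP = {
    "11111111-aaaa-4bbb-8ccc-000000000001": "ext-staff",
    "11111111-aaaa-4bbb-8ccc-000000000002": "ext-contractors",
}

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_token(claims):
    """Build an unsigned, constructed ID token so the example runs offline."""
    return ".".join([_b64url({"alg": "none"}), _b64url(claims), ""])

def read_claims(token):
    """Decode the payload segment only. A real relying party verifies the
    signature, iss, aud, exp and nonce before trusting any claim."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def resolve_groups(claims, group_map=GROUP_MAP):
    """Return (external group names, status); any status but 'matched' means no group policy."""
    # Entra omits 'groups' for users in very many groups and signals this
    # through _claim_names; treat that as "unknown", never as "no restrictions".
    if "groups" in (claims.get("_claim_names") or {}):
        return [], "overage"
    ids = claims.get("groups")
    if not isinstance(ids, list):
        return [], "no-groups-claim"
    matched = sorted({group_map[g.lower()] for g in ids
                      if isinstance(g, str) and g.lower() in group_map})
    return matched, ("matched" if matched else "no-match")

if __name__ == "__main__":
    token = make_token({"sub": "user1", "groups": ["11111111-aaaa-4bbb-8ccc-000000000002"]})
    print(resolve_groups(read_claims(token)))
```
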