SonicWall VPN

Overview

You can secure access to SonicWall VPNs using LDAP. Users can sign in using either the Groove.id mobile app or by receiving a voice call on their phone. If using the mobile app, they will provide their username and a blank password. When signing in, a user will need to approve the sign-in on their mobile phone before it completes. If using a voice call, users will provide their account PIN in the password box. They will receive a phone call directing them to press the number one on their phone keypad to complete the sign-in process.

Configuring Groove.id

  1. In your Groove.id console (e.g. signin.example.com/setup) navigate to Apps.

  2. Create a new LDAP application. Note the Server Address, Server Port, Root Binding DN.

  3. Click Activate.

Configuring SonicWall

  1. From the SonicWall console, choose Users then Settings.

  2. In the User Authentication method drop-down menu, select either LDAP or LDAP + Local Users.

  3. Click Configure LDAP.

  4. For Name or IP Address provide the value given in the Groove.id console, something like auth.groove.id.

  5. For Port Number, choose 636.

  6. For Server Timeout choose 300 seconds.

  7. Select Give bind distinguished name.

  8. For the Bind distinguished name provide the value from the Groove.id console. For Login Password type anything.

  9. Check Use TLS.

  10. Check Require valid certificate from server.

  11. Do not check Force PAP to MSCHAPv2.

  12. Click Apply.

Schema Tab

  1. Click the Schema tab.

  2. For LDAP Schema, choose Microsoft Active Directory.

  3. In the Directory tab, note the value of Trees containing users, which is something like example.com/Users. Turn this into an LDAP DN, something like cn=Users,dc=example,dc=com. Put this value into the User Suffix field in the Groove.id console.
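
The conversion in step 3, generalized to nested trees and to names containing DN special characters, as an added example (not code from Groove.id or SonicWall). The function names are hypothetical. It assumes that only the top-level Active Directory default containers listed in the code use cn= and that every other path component is an organizational unit (ou=), so check the result against the real DN in your directory before pasting it into User Suffix.

```python
# Added example: convert a SonicWall "Trees containing users" value
# (for instance example.com/Users) into an LDAP DN for the User Suffix field.

# Assumption: these top-level names are Active Directory default containers
# (cn=); any other path component is treated as an organizational unit (ou=).
DEFAULT_CONTAINERS = {"users", "computers", "builtin"}


def escape_rdn_value(value: str) -> str:
    """Escape a value for use inside a DN string, following RFC 4514."""
    escaped = "".join("\\" + c if c in '"+,;<>\\' else c for c in value)
    if value.startswith(("#", " ")):
        escaped = "\\" + escaped            # leading '#' or space
    if len(value) > 1 and value.endswith(" "):
        escaped = escaped[:-1] + "\\ "      # trailing space
    return escaped


def tree_to_dn(tree: str) -> str:
    """Turn 'domain/path/to/container' into 'rdn,...,dc=...,dc=...'."""
    domain, _, path = tree.strip().strip("/").partition("/")
    labels = domain.split(".")
    if not domain or any(not label for label in labels):
        raise ValueError(f"invalid domain in tree: {tree!r}")

    names = path.split("/") if path else []
    if any(not name.strip() for name in names):
        raise ValueError(f"empty path component in tree: {tree!r}")

    rdns = []
    for depth, name in enumerate(names):
        is_default = depth == 0 and name.lower() in DEFAULT_CONTAINERS
        kind = "cn" if is_default else "ou"
        rdns.append(f"{kind}={escape_rdn_value(name)}")

    # A DN lists the most specific component first, so reverse the path,
    # then append one dc= component per DNS label of the domain.
    rdns.reverse()
    rdns.extend(f"dc={escape_rdn_value(label)}" for label in labels)
    return ",".join(rdns)


if __name__ == "__main__":
    # Constructed sample inputs; only the first appears on this page.
    for sample in ("example.com/Users", "example.com/Staff/Remote"):
        print(sample, "->", tree_to_dn(sample))
```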

Testing

  1. Choose the Test tab.

  2. Enter a valid username or email address for User.

  3. If you have the Groove.id mobile app set up, enter anything at all for the password. If you are using voice call authentication, enter your account PIN or password.

  4. Press test.

  5. You will receive a notification or voice call. When you approve, your signin will complete.