Active directory SSO & Radius Users
Currently using FireboxV, version 12.7.
I've set up SSO using active directory for our internal workstations/users and am successfully using A/D groups, within firewall policies, to control traffic through the firewall. (I've deployed the watchguard client to each workstation and the SSO agent/server is using this as its primary method of identifying the user, with ELM as a backup.)
I've then configured IKEv2 VPN, for our users to use on their a/d laptops when working remotely, which uses an internal radius server (NPS) for authentication against active directory. My VPN users, once connected, then don't seem to be able to use the active directory restricted policies. (Using the scripts etc from Firewall to generate the native windows 10 vpn connection.)
Looking at the firewall logs I can see that the username for my vpn users has @ at the end (domain being that configured in the radius settings on the firebox). I realise that this is different from non vpn users (they have their A/D UPN), which might be why my a/d based policies aren't applying, as the firewall is treating the vpn user as a different user. Is there any way, once the user is authenticated via radius, of then using the A/D SSO authentication as well so that the A/D based policies apply?
I have to use the radius authentication as we have the M/S plugin, on our NPS server, that allows us to use office Azure MFA where we sync our A/D into azure.
Thoughts gratefully received.