Other accounts on the domain
Identification by SSO agent may be cancelled on the firewall if the user of the workstation uses a different login on the domain. This second identification is relayed by the domain controller which replaces the initial session.
These cases occur especially for the following types of access:
- Logging on to an intranet using the kerberos and/or ntlm method,
- Mounting of shared remote resources (files, printers) via the SMB protocol,
- Connecting to RDP Terminal Services on a remote server.