Datasheet
Feature: Kerberos SSO and NTLMv2 support
Feature Description: The SA Series automatically authenticates remote users via Kerberos or NTLMv2 by using user credentials.
Benefits: Simplifies user experience by avoiding having users enter credentials multiple times to access different applications.

Feature: Password management integration
Feature Description: Provides a standards-based interface for extensive integration with password policies in directory stores (LDAP, Microsoft Active Directory, NT, and others).
Benefits: Leverage existing servers to authenticate users. The users can manage their passwords directly through the SA Series interface.

Feature: Web-based SSO basic authentication and NT LAN Manager (NTLM)
Feature Description: Allows users to access other applications or resources that are protected by another access management system without reentering login credentials.
Benefits: Alleviates the need for end users to enter and maintain multiple sets of credentials for web-based and Microsoft applications.

Feature: Web-based SSO forms-based, header variable-based, SAML-based
Feature Description: Provides ability to pass username, credentials, and other customer-defined and customizable attributes to the authentication forms of other products and as header variables.
Benefits: Enhances user productivity and provides a customized experience.

Feature: SAML 2.0 support for Web/cloud SSO
Feature Description: Acts as a SAML IdP (Identity Provider) for service provider initiated SSO to enable simple and transparent access to cloud-based applications for remote users. Leverages Junos Pulse or Network Connect for SSO for web-based applications.
Benefits: Seamless and transparent SSO for cloud/web-based applications enhances remote user experience and productivity. Extends proven and secure authentication to cloud-based SaaS applications and other Web applications.

Provision by Purpose
The SA2500, SA4500, and SA6500 SSL VPN Appliances include three different access methods. These different methods are selected
as part of the user’s role, so the administrator can enable the appropriate access on a per-session basis, taking into account user, device,
and network attributes in combination with enterprise security policies.
Table 5: Provisioning Features and Benefits

Feature: IPsec/IKEv2 support for mobile devices
Feature Description: Allows remote users to connect from devices such as tablets, mobile devices, and smartphones, which support IKEv2 VPN connectivity. Administrators can also enable strict certificate authentication for access via IPsec/IKEv2. Also enables username/password authentication through Extensible Authentication Payload (EAP), whereby IKEv2 provides a “tunnel” mechanism for EAP authentication.
Benefits:
• Extends Juniper’s leading mobility and access control features of the SA Series to a broad range of devices and OS platforms that support IKEv2 VPN connectivity.
• Enables remote users to securely authenticate to the SA Series appliance from platforms that support IKEv2 VPN connectivity.

Feature: Clientless core Web access
Feature Description: Provides access to web-based applications—including complex JavaScript, XML, or Flash-based apps and Java applets that require a socket connection—as well as standards-based e-mail such as Outlook Web Access (OWA), Windows and UNIX file share, telnet/SSH hosted applications, terminal emulation, SharePoint (including extensive SharePoint 2010 support), and others.
Benefits:
• Provides the most easily accessible form of application and resource access from a variety of end user devices, including mobile devices.
• Enables extremely granular security control options.
• Offers a completely clientless approach using only a Web browser.

Feature: Secure Application Manager (SAM)
Feature Description: A lightweight Java or Windows-based download enables access to client/server applications.
Benefits:
• Enables access to client/server applications using just a Web browser.
• Also provides native access to terminal server applications without the need for a preinstalled client.

Feature: Network Connect (NC)
Feature Description: Provides complete network-layer connectivity via an automatically provisioned cross-platform download; Windows Logon/GINA integration for domain SSO; and installer services to mitigate need for administrator rights. Allows for split tunneling capability.
Benefits:
• Users only need a Web browser.
• NC transparently selects between two possible transport methods to automatically deliver the highest performance possible for every network environment.
• When used with Juniper Networks Installer Services, no administrator rights are needed to install, run, and upgrade Network Connect.
• Optional standalone installation is available as well.
• Split tunneling capability provides flexibility to specify which subnets or hosts to include or exclude from being tunneled.

Feature: Junos Pulse
Feature Description: This single, integrated remote access enabling interface can also provide LAN access control, application acceleration, online meeting and collaboration services, and dynamic VPN features to remote users, in conjunction with Juniper Networks MAG Series Junos Pulse Gateways running Junos Pulse services, including Junos Pulse Access Control Service or Junos Pulse Application Acceleration Service; or Juniper Networks Unified Access Control and SRX Series Services Gateways devices.
Benefits:
• Junos Pulse replaces the need to deploy and maintain multiple, separate clients for different functionalities such as VPN, network (LAN) access control, application acceleration, and online meeting/collaboration services.
• By seamlessly integrating all of these functionalities into one single, easy-to-use, multiservice enabling interface, working across multiple computing and mobile operating platforms, administrators can save on client management, training, and deployment costs to end users.

Table 4: Flexible Single Sign-on Features and Benefits (continued)