Getting started
Products concerned: SNS 5.0.2 and upwards
As of SNS version 5, the firewall offers seamless, secure integration with Microsoft Entra ID through the OpenID Connect (OIDC) protocol. This feature is designed to centralize and optimize the management of access to your network infrastructure.
By connecting your SNS firewall to Microsoft Entra ID, you can:
- Centrally monitor who has access to your SSL VPN directly from Microsoft Entra ID.
- Allow your users to be automatically authenticated on the SNS firewall (for the captive portal or filter policies) simply by using their existing Microsoft Entra ID accounts.
- Manage your SNS administration accounts from a single location, thereby improving the security and consistency of your access policies.
The directory that groups users and the applications that are accessible to these users through Microsoft Entra ID is known as a "tenant" in the Microsoft Entra ID administration interface, and in the rest of this document.
Requirements
- A Microsoft Entra ID subscription including the tenant.
- An administrator account for the tenant in question.
- An SNS firewall in version 5.0.1 or higher with a fully qualified domain name (FQDN) that can be accessed from the Internet (e.g., myfirewall.mycompany.com, sslvpn.mycompany.com, etc.).
- The date and time on this firewall have to be up to date in order for OIDC/Microsoft Entra ID authentication to work. To ensure optimal operation, you are strongly advised to enable NTP time synchronization on the firewall.
- A Stormshield SSL VPN client in version 4.1 or higher if users authenticated via OIDC/Microsoft Entra ID are allowed to set up SSL VPN tunnels with the firewall.
| Date | Description |
|---|---|
| September 19, 2025 | New document |