NTLM transparent identification

To access the cloud service using NTLM transparent identification, some users are prompted to associate their NTLM credentials with their registration details the first time they access the service (or the first time transparent identification is enabled on their policy). This applies to users who register themselves, are invited to register, or are bulk registered.

Note: If you are using directory synchronization and have synchronized NTLM IDs, users are not prompted for this information.

For non-directory users, the following process occurs one time:

  1. The users start their browsers and try to visit a website.
  2. The cloud service checks the users’ source IP address and applies the correct policy.
  3. The cloud service finds that transparent identification is enabled in the policy and initiates the NTLM conversation, during which the browsers send the NTLM credentials with no involvement of the users.
  4. The cloud service fails to find the users’ NTLM information in the policy.
  5. The cloud service displays the NTLM registration page.
  6. The users, if already registered, enter their email addresses and passwords and submit the form. If they are not already registered, they can click Register, also on this page, and are taken through the standard end-user self-registration process.
  7. The cloud service validates the usernames and passwords that are entered. If the validation fails, it re-displays the form.
  8. If the validation succeeds, the cloud service records the previously received NTLM identity against this user and marks this connection as identified.

Request processing continues as for a fully configured user.
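
The one-time flow above, modeled as an added Python example (not the cloud service's own code). The class, method names and return strings are hypothetical; the field offsets follow the NTLM AUTHENTICATE (Type 3) message layout, and the model reads only the claimed domain and user name without verifying the challenge response.

```python
import base64, hmac, struct

def build_type3(domain, user):
    """Constructed sample input: minimal NTLM AUTHENTICATE message, empty responses."""
    parts = [b"", b"", domain.encode("utf-16-le"), user.encode("utf-16-le"), b"", b""]
    header, payload = b"NTLMSSP\0" + struct.pack("<I", 3), b""
    for p in parts:  # LM, NT, domain, user, workstation, session key
        header += struct.pack("<HHI", len(p), len(p), 64 + len(payload))
        payload += p
    return base64.b64encode(header + struct.pack("<I", 1) + payload).decode()  # flag 1 = Unicode

def ntlm_identity(b64):
    """Return DOMAIN\\user as claimed in the message (challenge response not verified here)."""
    msg = base64.b64decode(b64)
    if len(msg) < 64 or msg[:8] != b"NTLMSSP\0" or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLM AUTHENTICATE message")
    codec = "utf-16-le" if struct.unpack_from("<I", msg, 60)[0] & 1 else "latin-1"
    def field(pos):
        length, _, offset = struct.unpack_from("<HHI", msg, pos)
        if offset + length > len(msg):
            raise ValueError("field points outside the message")
        return msg[offset:offset + length].decode(codec)
    return field(28) + "\\" + field(36)  # DomainName at 28, UserName at 36

class CloudService:  # hypothetical model of the service side
    def __init__(self, policies, accounts):
        self.policies = policies   # source IP -> {"transparent": bool}
        self.accounts = accounts   # email -> password (constructed; real services store hashes)
        self.ntlm_to_user = {}     # recorded NTLM identity -> registered email

    def request(self, source_ip, ntlm_b64, form=None):
        if not self.policies[source_ip]["transparent"]:      # step 2: policy by source IP
            return "not-transparent"                         # outside the flow on this page
        ident = ntlm_identity(ntlm_b64)                      # step 3: NTLM conversation
        if ident in self.ntlm_to_user:                       # already associated
            return "identified:" + self.ntlm_to_user[ident]
        if form is None:                                     # steps 4-5: unknown identity
            return "registration-page"
        email, password = form                               # step 6: submitted form
        expected = self.accounts.get(email)
        if expected is None or not hmac.compare_digest(expected, password):
            return "registration-page"                       # step 7: re-display on failure
        self.ntlm_to_user[ident] = email                     # step 8: record the association
        return "identified:" + email

if __name__ == "__main__":
    svc = CloudService({"203.0.113.10": {"transparent": True}}, {"alice@example.com": "s3cret"})
    token = build_type3("CORP", "alice")
    print(svc.request("203.0.113.10", token))
    print(svc.request("203.0.113.10", token, ("alice@example.com", "s3cret")))
    print(svc.request("203.0.113.10", token))
```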