Setting authentication options for specific users

If you wish to enforce specific authentication options for certain end users, overriding the authentication settings defined in the policy, you can do this via a setting in the user’s PAC file URL. For those users who need to use a specific authentication mechanism, deploy a PAC file URL using the “a=” switch, in the following format:

http://webdefence.global.blackspider.com:8082/proxy.pac?a=X

The a= parameter controls the authentication option used, where X can be one of the following:

Parameter	Description
a=n	NTLM identification is used. If NTLM is not supported by the browser or application, basic authentication is used.
a=t	Authentication is performed using single sign-on. If the application or user agent cannot use single sign- on, NTLM identification or basic authentication is used. If a remote user cannot log on using single sign-on, they are given the option to try again or log on using other credentials.
a=f	Authentication is performed using secure form-based authentication.

Parameter

Description

a=n

NTLM identification is used. If NTLM is not supported by the browser or application, basic authentication is used.

a=t

Authentication is performed using single sign-on.

If the application or user agent cannot use single sign- on, NTLM identification or basic authentication is used.

If a remote user cannot log on using single sign-on, they are given the option to try again or log on using other credentials.

a=f

Authentication is performed using secure form-based authentication.

For further details about PAC files, see Proxy auto-configuration (PAC).