Authentication fallback
If the service cannot communicate with the identity provider, users have the option to authenticate with the cloud service using a different mechanism. During the identity provider redirect process, a redirection page is shown. The page has a link that allows the user to cancel the single sign-on process and try a different authentication method.
When the user clicks this link, the service will first attempt to identify the user via transparent NTLM identification, before falling back to manual authentication (depending on the settings enabled in the user’s policy). See Forcepoint Web Security Cloud Help - Access Control tab.
Note: For roaming users, manual form authentication is the only alternative method available. Authentication fallback is not supported when using a dedicated port for SSO.