Integrated Windows Authentication
Integrated Windows Authentication (IWA) is a robust method of authenticating users who belong to shared-trust Windows domains (one or many).
Integrated Windows Authentication:
- Uses Kerberos and SPNEGO
- Supports NTLM in both explicit and transparent proxy modes
- Supports NTLMv2 and NTLMv1 with Session Security
- Supports Windows Active Directory. (See this article for a list of supported versions.)
- Can be used with Rule-Based Authentication and Captive Portal Authentication.
- Supports Internet Explorer, Firefox, Google Chrome, Windows Safari, Safari on iPad iOS4, and Opera
- Supports UTF-8 user names
- Supports fallback to prompted authentication
Requires that:
- Clients be joined to the domain
- Client browsers specify the Fully Qualified Domain Name (FQDN) of Content Gateway as an intranet site or trusted site (HTTP://FQDN)
Note: Microsoft Edge does not support trusted sites. Intranet sites are required for clients using Edge.
- When Redirect for HTTPS Authentication is enabled on the page, Content Gateway will redirect over HTTPS. To avoid user prompts, HTTPS://FQDN must also be specified as an intranet or trusted site in client browsers.
- In explicit proxy deployments, browsers must specify the FQDN of Content Gateway
If you are using IWA with rule-based authentication, see Rule-Based Authentication for configuration steps.
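Because IWA can negotiate Kerberos over SPNEGO or either NTLM version, it helps to confirm which mechanism clients actually present. The following added example (not part of the original page or of Content Gateway) classifies an `Authorization` or `Proxy-Authorization` header value. The function names are hypothetical, the sample tokens are constructed, and the Kerberos and NTLM version checks are heuristics based on the mechanism OID and the NT response length.

```python
import base64
import struct

NTLMSSP = b"NTLMSSP\x00"
# DER body of the Kerberos 5 mechanism OID 1.2.840.113554.1.2.2
KRB5_OID = bytes.fromhex("2a864886f712010202")

def classify_ntlm(msg):
    """Classify a raw NTLMSSP message sent by a client."""
    if len(msg) < 12:
        return "malformed"
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type == 1:
        return "ntlm-negotiate"
    if msg_type != 3 or len(msg) < 28:
        return "malformed"
    # The NtChallengeResponse length field is at offset 20 of a type 3 message.
    (nt_len,) = struct.unpack_from("<H", msg, 20)
    # 24 bytes: NTLMv1, with or without session security. Longer: NTLMv2.
    return "ntlmv2" if nt_len > 24 else "ntlmv1"

def classify_auth_header(value):
    """Classify an Authorization or Proxy-Authorization header value."""
    scheme, _, b64 = value.strip().partition(" ")
    scheme = scheme.lower()
    if scheme == "basic":
        return "basic"
    if scheme not in ("negotiate", "ntlm"):
        return "other"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:
        return "malformed"
    pos = token.find(NTLMSSP)  # raw NTLM, or NTLM carried inside SPNEGO
    if pos != -1:
        return classify_ntlm(token[pos:])
    if token[:1] == b"\x60" and KRB5_OID in token:
        return "kerberos"
    return "malformed"

def header(scheme, raw):
    return scheme + " " + base64.b64encode(raw).decode()

def type3(nt_len):
    # Constructed type 3 header: signature, type, LM fields, NT fields.
    return NTLMSSP + struct.pack("<IHHIHHI", 3, 24, 24, 64, nt_len, nt_len, 88)

if __name__ == "__main__":  # constructed tokens, not captured traffic
    for raw in (type3(24), type3(310), NTLMSSP + b"\x01\x00\x00\x00"):
        print(classify_auth_header(header("NTLM", raw)))
```

A steady share of `ntlmv1` or `ntlmv2` results from domain-joined clients usually means the browser is not treating the Content Gateway FQDN as an intranet or trusted site.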