Integrated Windows Authentication

Integrated Windows Authentication (IWA) is a robust method of authenticating users who belong to shared-trust Windows domains (one or many).

Integrated Windows Authentication:

• Uses Kerberos and SPNEGO
• Supports NTLM in both explicit and transparent proxy modes
• Supports NTLMv2 and NTLMv1 with Session Security
• Supports Windows Active Directory. (See this article for a list of supported versions.)
• Can be used with Rule-Based Authentication and Captive Portal Authentication.
• Supports Internet Explorer, Firefox, Google Chrome, Windows Safari, Safari on iPad iOS4, and Opera
• Supports UTF-8 user names
• Supports fall back to prompted authentication

Requires that:

• Clients be joined to the domain
• Client browsers specify the Fully Qualified Domain Name (FQDN) of Content Gateway as an intranet site or trusted site (HTTP://FQDN)
• When Redirect for HTTPSS Authentication is enabled on the Configure > Security > Access Control > Global Authentication page, Content Gateway will redirect over HTTPS. To avoid user prompts, HTTPS://FQDN must also be specified as an intranet or trusted site in client browsers.
  Note: Microsoft Edge does not support trusted sties. Intranet sites are required for clients using Edge.
• In explicit proxy deployments, browsers must specify the FQDN of Content Gateway

If you are using IWA with rule-based authentication, see Rule-Based Authentication for configuration steps.