Integrated Windows Authentication

Integrated Windows Authentication (IWA) is a robust method of authenticating users who belong to shared-trust Windows domains (one or many).

Integrated Windows Authentication:

  • Uses Kerberos and SPNEGO
  • Supports NTLM in both explicit and transparent proxy modes
  • Supports NTLMv2 and NTLMv1 with Session Security
  • Supports Windows Active Directory. (See this article for a list of supported versions.)
  • Can be used with Rule-Based Authentication and Captive Portal Authentication.
  • Supports Internet Explorer, Firefox, Google Chrome, Windows Safari, Safari on iPad iOS4, and Opera
  • Supports UTF-8 user names
  • Supports fallback to prompted authentication

Requires that:

  • Clients be joined to the domain
  • Client browsers specify the Fully Qualified Domain Name (FQDN) of Content Gateway as an intranet site or trusted site (HTTP://FQDN)
  • When Redirect for HTTPS Authentication is enabled on the Configure > Security > Access Control > Global Authentication page, Content Gateway will redirect over HTTPS. To avoid user prompts, HTTPS://FQDN must also be specified as an intranet or trusted site in client browsers.
    Note: Microsoft Edge does not support trusted sites. Intranet sites are required for clients using Edge.
  • In explicit proxy deployments, browsers must specify the FQDN of Content Gateway

If you are using IWA with rule-based authentication, see Rule-Based Authentication for configuration steps.