Integrated Windows Authentication

Document created by RSA Information Design and Development on Jul 14, 2016. Last modified by RSA Information Design and Development on Apr 19, 2019.
Version 34

Integrated Windows Authentication (IWA) is a feature of Microsoft Windows NT-based operating systems that allows automatically authenticated connections between the SSO Agent, Microsoft Internet Information Services (IIS), Internet Explorer, and other Active Directory-aware applications. Using IWA with the SSO Agent provides a streamlined single sign-on (SSO) experience for users who sign into the application portal or protected web applications from within your corporate domain.

By default, when a user attempts to access the application portal or a protected web application, the identity router redirects the user to the portal sign-in page. If not already authenticated, the user must enter valid sign-in credentials to continue. Using IWA, users who are already authenticated to your corporate domain can bypass the portal sign-in page.

If you enable IWA, the following occurs when a user attempts to access the application portal or a protected web application from within your corporate Windows domain:

  1. The identity router redirects the request to an IIS server on your network.
  2. The IIS server verifies the user's Windows authentication credentials against Active Directory.
  3. If verification succeeds, the IIS server provides a Security Assertion Markup Language (SAML) assertion, allowing the user to bypass the portal sign-in screen and access the portal or protected application without manually submitting basic account credentials.
  4. The SSO Agent prompts the user for additional authentication credentials if required by the access policy for the web application.
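The assertion in step 3 is what lets a user skip the sign-in page, so the party consuming it should confirm who issued it, who it is for, and that it is still within its validity window. The following is an added example, not RSA code: the issuer and audience URLs, the sample assertion, and all function names are constructed for illustration, and the `<ds:Signature/>` element is an empty placeholder.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed values for illustration; not taken from RSA documentation.
EXPECTED_ISSUER = "https://iis.corp.example/iwa"
EXPECTED_AUDIENCE = "https://idr.corp.example/sp"
SAMPLE_NOW = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1" Version="2.0">
 <saml:Issuer>{issuer}</saml:Issuer>{sig}
 <saml:Subject><saml:NameID>jdoe@corp.example</saml:NameID></saml:Subject>
 <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
  <saml:AudienceRestriction><saml:Audience>{aud}</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions>
</saml:Assertion>"""

def sample(issuer=EXPECTED_ISSUER, aud=EXPECTED_AUDIENCE, signed=True):
    """Build a constructed assertion; <ds:Signature/> is an empty placeholder."""
    return SAMPLE.format(issuer=issuer, aud=aud, sig="<ds:Signature/>" if signed else "")

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, now, skew=timedelta(seconds=60)):
    """Return reasons to reject; an empty list means the claims are acceptable.
    Cryptographic signature verification is out of scope here and must be done
    first with an XML-DSig library; parse untrusted XML with a hardened parser."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.find("ds:Signature", NS) is None:
        problems.append("unsigned")
    if root.findtext("saml:Issuer", "", NS).strip() != EXPECTED_ISSUER:
        problems.append("issuer")
    if not root.findtext("saml:Subject/saml:NameID", "", NS).strip():
        problems.append("no-subject")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return problems + ["no-conditions"]
    audiences = [a.text.strip() for a in cond.iterfind(".//saml:Audience", NS) if a.text]
    if EXPECTED_AUDIENCE not in audiences:
        problems.append("audience")
    not_before, not_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not not_before or not not_after:
        problems.append("no-validity-window")
    elif now + skew < _ts(not_before) or now - skew >= _ts(not_after):
        problems.append("outside-validity-window")
    return problems
```

An assertion that fails any of these checks should send the user back to the normal portal sign-in page rather than bypassing it.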


