Configure User Browsers for Integrated Windows Authentication

As part of the process to enable Integrated Windows Authentication (IWA), users must configure their web browsers to work with the IWA Connector. Provide these instructions to users who will authenticate using IWA.

Configure Firefox for Integrated Windows Authentication

Procedure

  1. Open Firefox on the computer that will authenticate using IWA.
  2. In the address bar, type about:config.
  3. Click I'll be careful, I promise.
  4. In the Search bar, type negotiate.
  5. Double-click network.negotiate-auth.delegation-uris.
  6. Enter the name of your corporate Windows domain (for example, mycorporatedomain.com). If the RSA SecurID Access Application Portal URL and the IWA server URL are not within the Windows domain, enter those URLs also (for example, portal.sso.mycorporatedomain.com, iwa.sso.mycorporatedomain.com).
  7. Click OK.
  8. Double-click network.negotiate-auth.trusted-uris.
  9. Enter the name of your corporate Windows domain (for example, mycorporatedomain.com). If the RSA SecurID Access Application Portal URL and the IWA server URL are not within the Windows domain, enter those URLs also (for example, portal.sso.mycorporatedomain.com, iwa.sso.mycorporatedomain.com).
  10. Click OK.
  11. Close Firefox.

    The new settings take effect the next time you open Firefox.

Configure Chrome and Microsoft Internet Explorer for Integrated Windows Authentication

Provide these instructions to Chrome and Microsoft Internet Explorer users who will authenticate using IWA, or use Windows Group Policy to enforce these settings for users in your corporate domain.

Procedure

  1. On the computer that will authenticate using IWA, open Control Panel > Internet Options.
  2. On the Advanced tab, in the Security section, verify that Enable Integrated Windows Authentication is selected.
  3. Click Apply.
  4. On the Security tab, select Local Intranet.
  5. Click Sites.
  6. Click Advanced.
  7. In the Add this website to the zone field, enter the name of your corporate Windows domain (for example, mycorporatedomain.com), and click Add. If the RSA SecurID Access Application Portal URL and the IWA server URL are not within the Windows domain, enter those URLs also (for example, portal.sso.mycorporatedomain.com, iwa.sso.mycorporatedomain.com).
  8. Click Close and OK to exit all open dialogs.

    The new settings take effect the next time you open Internet Explorer or Chrome.