Security > Proxy user authentication > Integrated Windows Authentication

- Join Content Gateway to the Windows domain. See Configuring Integrated Windows Authentication for a list of required conditions.
- Configure the Global Authentication Options. These options apply to NTLM authentication when IWA negotiates NTLM or falls back to NTLM.

1. Navigate to Configure > My Proxy > Basic > General.
2.
3. In the Authentication section, click the Configure link to navigate to Configure > Security > Access Control.
   a. In the Domain Name field, enter the fully qualified domain name.
   b. In the Administrator Name field, enter the Windows Administrator user name.
   c. In the Administrator Password field, enter the Windows Administrator password.
   e. In the Content Gateway Hostname field, confirm that the hostname is correct and that it is no more than 15 characters (no more than 11 characters on V-Series appliances). A longer hostname must be shortened before IWA can be used. The length restriction results from the 15-character limit on NetBIOS hostnames.
   f. Click Join Domain. If there is an error, ensure that the conditions outlined above are met and then see Failure to join the domain.
5. If Content Gateway is deployed as a transparent proxy, configure the Transparent proxy authentication settings and then continue with the next step.
6. Configure the NTLM global settings. Navigate to the Configure > Security > Access Control > Global Authentication Options tab.
   a. Fail Open – Specifies whether requests are allowed to proceed when user authentication fails.
      - Disabled – specifies that requests do not proceed when authentication failures occur.
      - Enabled only for critical service failures (default) – specifies that requests proceed if authentication fails due to:
      - Enabled for all authentication failures, including incorrect password – specifies that requests proceed for all authentication failures, including password failures.
   b. IP address-based NTLM Credential Caching is enabled by default. Credential caching applies only when Content Gateway is an explicit proxy. Credentials are cached when authentication is successful.
   c. Caching TTL sets the time-to-live for entries in the credential cache. The default TTL is 900 seconds (15 minutes). To change the TTL, enter a new value in the entry field. The range of supported values is 300 to 86400 seconds.
   d. If some users use terminal servers to access the Internet through the proxy (e.g., Citrix servers), you must create a list of those servers in the Multi-user IP Exclusions field. Credentials for such users are not cached. Enter a comma-separated list of IP addresses and IP address ranges.
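
A pre-flight check for the values entered in the steps above, as an added example that is not part of the original documentation or the product: it checks the hostname length limit, the Caching TTL range, and that every terminal server is covered by the Multi-user IP Exclusions list. The function names, the sample values, and the `first-last` syntax for an IP address range are assumptions.

```python
import ipaddress

TTL_MIN, TTL_MAX = 300, 86400  # supported Caching TTL range, in seconds

def parse_exclusions(field):
    """Parse a comma-separated list of IPs and ranges into (first, last) pairs.
    Assumption: a range is written 'first-last'; the page does not give the syntax."""
    spans = []
    for item in filter(None, (part.strip() for part in field.split(","))):
        first, _, last = item.partition("-")
        lo = ipaddress.ip_address(first.strip())
        hi = ipaddress.ip_address(last.strip()) if last.strip() else lo
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range {item!r}")
        spans.append((lo, hi))
    return spans

def is_excluded(client_ip, spans):
    """True if client_ip falls inside any parsed exclusion."""
    ip = ipaddress.ip_address(client_ip)
    return any(lo.version == ip.version and lo <= ip <= hi for lo, hi in spans)

def preflight(hostname, ttl, exclusions, terminal_servers, v_series=False):
    """Return a list of problems to fix before joining the domain and applying."""
    problems = []
    limit = 11 if v_series else 15  # NetBIOS limit; shorter on V-Series appliances
    if len(hostname) > limit:
        problems.append(f"hostname {hostname!r} has {len(hostname)} characters (limit {limit})")
    if not TTL_MIN <= ttl <= TTL_MAX:
        problems.append(f"Caching TTL {ttl} is outside {TTL_MIN}-{TTL_MAX} seconds")
    try:
        spans = parse_exclusions(exclusions)
    except ValueError as exc:
        problems.append(f"Multi-user IP Exclusions: {exc}")
        spans = []
    for server in terminal_servers:
        if not is_excluded(server, spans):
            problems.append(f"terminal server {server} is not in Multi-user IP Exclusions")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for line in preflight("wcg-proxy-east-01", 120,
                          "10.4.1.1, 10.12.1.1 - 10.12.254.254",
                          ["10.12.7.9", "10.4.1.9"]):
        print("FIX:", line)
```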

1. Navigate to the Configure > Security > Access Control > Integrated Windows Authentication tab and click Unjoin.
2. To join a new domain, in the Domain Name field, enter the fully qualified domain name.
3. In the Administrator Name field, enter the Windows Administrator user name.
4. In the Administrator Password field, enter the Windows Administrator password. The name and password are used only during the join and are not stored.
6. Click Join Domain.

1. Navigate to the Configure > Security > Access Control > Integrated Windows Authentication tab.
2. In the Domain Controller section, select how to locate the domain controller:
3. Click Apply.