Integrated Windows Authentication
Help | Content Gateway | v8.5.x
Integrated Windows Authentication (IWA) is a robust method of authenticating users who belong to shared-trust Windows domains (one or many).
Integrated Windows Authentication:
*
*
*
* Supports Windows Active Directory. (See this article for a list of supported versions.)
* Can be used with Rule-Based Authentication and, with v8.5.4, Captive Portal Authentication.
*
*
*
Requires that:
*
*
*
When Redirect for HTTPS Authentication (new in v8.5.4) is enabled on the Configure > Security > Access Control > Global Authentication page, Content Gateway will redirect over HTTPS. To avoid user prompts, HTTPS://FQDN must also be specified as an intranet or trusted site in client browsers.
 
Note 
*
If you are using IWA with rule-based authentication, see Rule-Based Authentication, for configuration steps.
Integrated Windows Authentication: Configuration summary
Follow these steps to configure IWA as the user authentication method for your Content Gateway deployment:
* In the Content Gateway manager, enable Integrated Windows Authentication on the Configure > My Proxy > Basic page and click Apply.
*
*
Configuring Integrated Windows Authentication
1. Go to Configure > My Proxy > Basic > General. In the Authentication section, click Integrated Windows Authentication On, and click Apply.
2.
3.
To join the domain:
*
*
*
*
*
 
a. In the Domain Name field, enter the fully qualified domain name.
b. In the Administrator Name field, enter the Windows Administrator user name.
c. In the Administrator Password field, enter the Windows Administrator password.
   The name and password are used only during the join and are not stored.
d.
*
*
If the domain controller is specified by name or IP address, you can also specify backup domain controllers in a comma-separated list with no spaces.
e. In the Content Gateway Hostname field, confirm that the hostname is correct and that it is no more than 15 characters (no more than 11 characters on appliances). If it is longer, it must be shortened if IWA is to be used. The length restriction results from the 15-character limit on NetBIOS hostnames.
 
Warning 
f. Click Join Domain. If there is an error, ensure that the conditions outlined above are met and then see Failure to join the domain.
 
Important 
g.
To unjoin the current domain and join a new domain
1. Navigate to the Configure > Security > Access Control > Integrated Windows Authentication tab and click Unjoin.
2. To join a new domain, in the Domain Name field, enter the fully qualified domain name.
3. In the Administrator Name field, enter the Windows Administrator user name.
4. In the Administrator Password field, enter the Windows Administrator password. The name and password are used only during the join and are not stored.
5.
*
*
If the domain controller is specified by name or IP address, you can also specify backup domain controllers in a comma-separated list with no spaces.
6. Click Join Domain.
To change the way the domain controller is found
1. Navigate to the Configure > Security > Access Control > Integrated Windows Authentication tab.
2. In the Domain Controller section, select how to locate the domain controller:
*
*
If the domain controller is specified by name or IP address, you can also specify backup domain controllers in a comma-separated list with no spaces.
3. Click Apply.
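The values entered in the join steps above (fully qualified domain name, hostname within the NetBIOS length limit, backup domain controller list without spaces) can be checked before clicking Join Domain. The following Python script is an added example, not part of the Forcepoint documentation or product; the function name `check_join_inputs`, the DNS-label syntax check and the sample values are assumptions.

```python
import ipaddress
import re

# Limits stated on this page: NetBIOS caps hostnames at 15 characters,
# and appliances allow no more than 11.
MAX_HOSTNAME, MAX_HOSTNAME_APPLIANCE = 15, 11

# Assumption: standard DNS label syntax (letters, digits, inner hyphens).
_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def _is_dns_name(name):
    labels = name.rstrip(".").split(".")
    return len(name) <= 253 and all(_LABEL.match(label) for label in labels)


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_join_inputs(domain, hostname, dc_list="", appliance=False):
    """Return a list of problems; an empty list means the inputs pass."""
    problems = []
    # A fully qualified domain name needs at least two labels.
    if not _is_dns_name(domain) or "." not in domain.strip("."):
        problems.append("domain name is not fully qualified: %r" % domain)
    limit = MAX_HOSTNAME_APPLIANCE if appliance else MAX_HOSTNAME
    if len(hostname) > limit:
        problems.append("hostname %r is %d characters; limit is %d"
                        % (hostname, len(hostname), limit))
    if dc_list:
        # The page requires a comma-separated list with no spaces.
        if any(ch.isspace() for ch in dc_list):
            problems.append("domain controller list must not contain spaces")
        for entry in dc_list.split(","):
            entry = entry.strip()
            if not entry or not (_is_ip(entry) or _is_dns_name(entry)):
                problems.append("bad domain controller entry: %r" % entry)
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    print(check_join_inputs("corp.example.com", "contentgateway-01",
                            "dc1.corp.example.com, 10.0.0.5"))
```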

Copyright 2020 Forcepoint. All rights reserved.