Enabling NTLM Authentication (Automatic Logon) in AD FS and browsers in InterScan Web Security as a Service (IWSaaS)

    • Updated: 1 Feb 2016
    • Product/Version: InterScan Web Security as a Service 2.0
    • Platform: N/A
Summary
This article shows how to enable NTLM authentication (single sign-on) in AD FS, Internet Explorer, Chrome, and Firefox for IWSaaS.
Details

For users to be transparently authenticated in AD FS SAML Integration, do the following:

Option I: Through Group Policy Object

  1. Open the Group Policy Management Console. Create either a new Group Policy Object (GPO) or edit an existing GPO.
  2. Expand Computer Configuration, expand Policies, expand Administrative Templates, expand Windows Components, expand Internet Explorer, expand Internet Control Panel, and then click Security Page.
  3. In the details pane, double-click Site to Zone Assignment List.
  4. In the Site to Zone Assignment List Properties dialog box, click Enabled.
  5. In the Site to Zone Assignment List Properties dialog box, click Show.
  6. In the Show Contents dialog box, click Add.
  7. In the Add Item dialog box, type the AD FS URL of the SAML SSO service (for example, https://cwaserver.contoso.com) in the Enter the name of the item to be added box.
  8. Type 1 (indicating the local intranet zone) in the Enter the value of the item to be added box, and then click OK.
  9. In the Show Contents dialog box, click OK.
  10. In the Site to Zone Assignment List dialog box, click OK.
  11. In the Group Policy Management Editor, click Intranet Zone.
  12. In the details pane, double-click Logon options.
  13. In the Logon options Properties dialog box, click Enabled.
  14. In the Logon options list, click Automatic logon only in Intranet zone, and then click OK.
  15. Close the Group Policy Management Editor.
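
The Option I settings can be checked on a client after the GPO has applied. The PowerShell below is an added example, not part of the original article. It assumes the standard machine-policy registry locations for these two settings (ZoneMapKey, and value 1A00 under Zones\1), which the article does not state, and uses the article's example URL as a placeholder.

```powershell
# Added example (not from the article): audit the machine policy written by Option I.
# Assumption: $ExpectedAdfs is the article's example URL; substitute your AD FS URL.
$ExpectedAdfs = 'https://cwaserver.contoso.com'

$base    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$zoneMap = Join-Path $base 'ZoneMapKey'   # backs "Site to Zone Assignment List"
$zone1   = Join-Path $base 'Zones\1'      # backs the Intranet Zone policy folder

function Get-ZoneAssignment {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return }
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Site = $name; Zone = [string]$key.GetValue($name) }
    }
}

# Sites mapped to zone 1 receive the user's Windows credentials without a prompt.
$intranet = @(Get-ZoneAssignment -Path $zoneMap | Where-Object { $_.Zone -eq '1' })
$findings = @()

if ($intranet.Site -notcontains $ExpectedAdfs) {
    $findings += "Expected AD FS URL $ExpectedAdfs is not assigned to zone 1."
}
foreach ($entry in $intranet) {
    if ($entry.Site.Contains('*')) {
        $findings += "Wildcard entry '$($entry.Site)' widens automatic logon; list exact hosts."
    }
    if ($entry.Site -like 'http://*') {
        $findings += "Entry '$($entry.Site)' is plain HTTP; use the HTTPS URL."
    }
}

# 1A00 is the "Logon options" value; 0x20000 = Automatic logon only in Intranet zone.
$logon = (Get-ItemProperty -Path $zone1 -Name '1A00' -ErrorAction SilentlyContinue).'1A00'
if ($null -eq $logon) {
    $findings += 'Logon options (1A00) is not set by policy for the intranet zone.'
} elseif ($logon -ne 0x20000) {
    $findings += ('Logon options (1A00) is 0x{0:X}, expected 0x20000.' -f $logon)
}

$intranet | Format-Table -AutoSize
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'Intranet zone policy matches the article''s Option I settings.' }
```

Every site listed in zone 1 is offered the signed-in user's credentials automatically, so the table is worth reviewing for entries beyond the AD FS host.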

Option II: Through Internet Explorer Browser

  1. Open the Internet Options dialog box by choosing Internet Options either from Control Panel or from the Tools menu in Internet Explorer.
  2. In the Internet Options dialog box, on the Security tab, select Local intranet, and then click Custom Level.
  3. In the Security Settings dialog box, under Logon, select Automatic logon only in Intranet zone, and then click OK.
  4. In the Internet Options dialog box on the Security Settings tab with Local intranet still selected, click Sites.
  5. In the Local intranet dialog box, click Advanced.
  6. In the next dialog box (also titled Local intranet), type the URL of your Communicator Web Access site (for example, https://cwaserver.contoso.com) in the Add this Web site to the zone box, and then click Add.
  7. In the Local intranet dialog box, click OK.
  8. In the original Local intranet dialog box, click OK.
  9. In the Internet Options dialog box, click OK.

Reference: Configuring Internet Explorer for Automatic Logon

  1. Enable Windows Authentication for AD FS 3.0.

    Refer to the following articles:

  2. Disable Extended Protection Token Check.

    Refer to the Microsoft KB article: Configuring Advanced Options for AD FS 2.0.

  3. Configure/Set AD FS 3.0 Server as servicePrincipalName (SPN).

    Refer to the following articles:

  4. Use A Record for AD FS 3.0 (Optional).

    Refer to the Microsoft forum topic: AD FS Windows Authentication Throws 400 Bad Request.

Category: Configure; Troubleshoot
Solution Id: 1113419