PingOne for Enterprise

Using IWA with browser clients

You can enable your users' browser clients for seamless SSO with AD Connect using Integrated Windows authentication (IWA).

Before you begin

Ensure that:

  1. Your AD Connect configuration in PingOne for Enterprise has an Authentication Type value of Integrated. This authentication type uses Integrated Windows Authentication (IWA).

  2. Port 80 is open for use by AD Connect.

  3. The browser clients for your users have the AD Connect host listed as a trusted site.

Click the corresponding tabs for instructions on adding trusted sites to Google Chrome, Microsoft Edge, and Mozilla Firefox.

  • Chrome

  • Edge

  • Firefox

Adding trusted sites to Chrome

Steps

  1. In Chrome, go to Settings → Privacy and Security.

  2. Click Third-party Cookies.

  3. Click Add.

  4. In the Site field, enter the host name of the AD Connect host.

  5. Click Add.

Adding trusted sites to Edge

Steps

  1. In Windows, open the Control Panel.

  2. Go to Network and Internet → Internet Options.

  3. In the Internet Properties window, go to Security → Trusted Sites → Sites.

  4. In the Add this website to the zone field, enter the host name of the AD Connect host.

  5. Click Add, then click Close.

Adding trusted sites for Firefox

Steps

  1. In Firefox, enter about:config in the URL address bar.

  2. Click Accept the Risk and Continue.

  3. In the Search bar, enter network.negotiate.

  4. Click the Pencil icon for network.negotiate-auth.trusted-uris.

  5. In the field that opens, enter the host name of the AD Connect host.

  6. Click the Save icon.

Result

The name of the AD Connect host is displayed as the value of network.negotiate-auth.trusted-uris.