Using IWA with browser clients
You can enable your users' browser clients for seamless SSO with AD Connect using Integrated Windows authentication (IWA).
Before you begin
Ensure that:
-
Your AD Connect configuration in PingOne for Enterprise has an
Authentication Type
value ofIntegrated
. This authentication type uses Integrated Windows Authentication (IWA). -
Port 80 is open for use by AD Connect.
-
The browser clients for your users have the AD Connect host listed as a trusted site.
Click the corresponding tabs for instructions on adding trusted sites to Google Chrome, Microsoft Edge, and Mozilla Firefox.
-
Chrome
-
Edge
-
Firefox
Adding trusted sites to Chrome
Steps
-
In Chrome, go to Settings → Privacy and Security.
-
Click Third-party Cookies.
-
Click Add.
-
In the Site field, enter the host name of the AD Connect host.
-
Click Add.
Adding trusted sites to Edge
Steps
-
In Windows, open the Control Panel.
-
Go to Network and Internet → Internet Options.
-
In the Internet Properties window, go to Security → Trusted Sites → Sites.
-
In the Add this website to the zone field, enter the host name of the AD Connect host.
-
Click Add, then click Close.
Adding trusted sites for Firefox
Steps
-
In Firefox, enter
about:config
in the URL address bar. -
Click Accept the Risk and Continue.
-
In the Search bar, enter
network.negotiate
. -
Click the Pencil icon for network.negotiate-auth.trusted-uris.
-
In the field that opens, enter the host name of the AD Connect host.
-
Click the Save icon.
Result
The name of the AD Connect host is displayed as the value of network.negotiate-auth.trusted-uris.