Configure the correct ports and services to allow end users to authenticate using SSO through your on-premises Active Directory server from your corporate intranet locations.


The authentication proxy service on the Zero Trust Secure Access Internet Access On-Premises Gateway facilitates NTLM v2 or Kerberos-supported single sign-on (SSO) authentication with your on-premises Active Directory server. The service retrieves settings and data from Trend Vision One via HTTPS through port 443 on firewall A.

Once configured, the authentication proxy service allows end users to reach your Active Directory server from endpoints under the following scenarios.

| Secure Access Module status | Location | Connection method |
|---|---|---|
| Installed | Corporate network | Any method |
| Not installed | Corporate network | Through a configured Internet Access On-Premises Gateway or through the Internet Access Cloud Gateway from a defined IP address |

Before configuring the authentication proxy service, you must have a Service Gateway virtual appliance installed with the Zero Trust Secure Access Internet Access On-Premises Gateway service enabled.

Procedure
- Enable Single Sign-On with Active Directory (On-Premises) and complete the configuration steps.
- Ensure that DNS can resolve the FQDN of the authentication proxy to the proper IP address for endpoints accessing from the corporate network. Note that if you are using:
  - a single gateway, the authentication proxy FQDN is the <single gateway FQDN>
  - multiple gateways behind a load balancer, the authentication proxy FQDN is the <load balancer FQDN>
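
One way to verify the DNS step above from an endpoint on the corporate network, as an added example (not Trend Micro tooling): it resolves the authentication proxy FQDN and compares the answer with the single gateway or load balancer address you expect. The host names and addresses are constructed placeholders, and `check_auth_proxy_dns` is a hypothetical helper name.

```python
import ipaddress
import socket


def resolve(fqdn):
    """Ask the endpoint's own resolver for every address behind fqdn."""
    try:
        infos = socket.getaddrinfo(fqdn, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_auth_proxy_dns(fqdn, expected_ips, resolver=resolve):
    """Compare what fqdn resolves to against the address(es) it should have.

    expected_ips: the single gateway's IP, or the load balancer's IP(s)
    when several gateways sit behind one.
    Returns (status, unexpected, missing) with addresses as sorted strings.
    """
    expected = {ipaddress.ip_address(ip) for ip in expected_ips}
    actual = {ipaddress.ip_address(ip) for ip in resolver(fqdn)}
    unexpected = sorted(str(ip) for ip in actual - expected)
    missing = sorted(str(ip) for ip in expected - actual)
    if not actual:
        status = "unresolved"   # no record visible from this endpoint
    elif unexpected:
        status = "mismatch"     # e.g. record points at one gateway, not the LB
    elif missing:
        status = "partial"      # only some of the expected addresses published
    else:
        status = "ok"
    return status, unexpected, missing


# Constructed sample records (not from a real deployment).
SAMPLE_RECORDS = {
    "authproxy.corp.example": ["10.20.0.10"],      # load balancer address
    "authproxy-old.corp.example": ["10.20.0.21"],  # stale: a single gateway
}


def sample_resolver(fqdn):
    return SAMPLE_RECORDS.get(fqdn, [])


if __name__ == "__main__":
    for name in ("authproxy.corp.example", "authproxy-old.corp.example",
                 "missing.corp.example"):
        print(name, check_auth_proxy_dns(name, ["10.20.0.10"], sample_resolver))
```

Call `check_auth_proxy_dns(fqdn, expected_ips)` without the `resolver` argument to query the endpoint's real DNS configuration.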