Views:

See the authentication methods available for connecting to the internet using Internet Access.

Zero Trust Secure Access Internet Access provides several methods for authentication to the Internet Access service for access to external web sites and resources. Considerations include the gateway being used, gateway configuration options, whether the endpoint has the Secure Access Module installed, and the configured single sign-on (SSO) method.
Authentication method
Secure Access Module status
Gateway
 SSO method Details
SAML-based SSO with IAM integration
Installed or not installed
Internet Access Cloud Gateway or On-Premises Gateway (Proxy mode)
SAML-based SSO using an integrated IAM system
See Identity and access management integration
NTLM v2 or Kerberos-based SSO
Installed or not installed
Internet Access Cloud Gateway or On-Premises Gateway (Proxy mode)
NTLM v2 or Kerberos-based SSO through Internet Access On-premises Authentication Proxy service
See
Private IP bypass
Not installed
Internet Access Cloud Gateway or On-Premises Gateway (Proxy mode)
Important
Important
IP addresses on the bypass list connecting through the cloud gateway must be present in the X-Forwarded-For traffic header to successfully authenticate. The default gateway is excluded from this method.
Not required if endpoints connect from private IP addresses on the user authentication bypass list
See Adding Corporate Locations to the Internet Access Cloud Gateway and Deploying an Internet Access On-Premises Gateway
Unenforced authentication
Not installed
Internet Access On-Premises Gateway
Not required if:
  • User authentication is disabled
  • ICAP is enabled
See Deploying an Internet Access On-Premises Gateway