Agent Authentication

Agent Authentication uses the Synchronization Agent and Authentication Agent to synchronize and authenticate users. This authentication method functions the same as the AD FS IdP server. You can use this authentication method if you do not have an AD FS server, but still want the same level of security that AD FS Authentication provides.

When there are multiple domains, all of them use the same authentication method, that is, Direct, AD FS, Agent, Okta, or Azure AD. Each domain may have different settings under that authentication method.

  1. Go to Administration > USERS & AUTHENTICATION > Directory Services.
  2. Click here in the upper area of the Directory Services screen.
  3. On the screen that appears, select Agent and then click Save.

    If you have not yet installed the Synchronization Agent and the Authentication Agent, click Download the Synchronization Agent and Download the Authentication Agent, and install them on your intranet. For details, see Synchronization Agent Configuration and Authentication Agent Configuration.

  4. Click next to Disabled under AD Integration corresponding to the domain you want to configure.
  5. On the Edit AD Integration Settings screen that appears, configure the following parameters.

    | Item | Setting |
    |---|---|
    | Domain name | This field cannot be modified. |
    | Authentication method | This field cannot be modified. |
    | Enable AD integration | Click On or Off as necessary. |
    | Allow non-synchronized users | Click On or Off to decide whether to allow the AD users of your organization to visit websites through TMWS if their data is not synchronized to TMWS. Note: This setting takes effect only when User authentication is set to Transparent authentication on a TMWS gateway. |
    | Last synchronized | Date and time when the last synchronization of Active Directory users and groups occurred. |

  6. In the Authentication Agent Setting section:
    1. Test if the agent and the required ports have been set up properly. Type the agent's host address/port and transparent authentication port (if your organization requires transparent authentication), and then click Test Connection.
    2. If a connection was not established, check if the host address or ports are valid. If you configured your firewall settings for TMWS, check if the firewall allows incoming traffic through the ports.
  7. Click Save.