Companies that have Active Directory or Okta integrated with TMWS can use transparent authentication to confirm that HTTP requests through administrator-configured Internet gateways are initiated by Active Directory users.
TMWS performs transparent authentication through the NTLM protocol.
Transparent Authentication Requirements:
For transparent authentication to work, the following requirements must be satisfied:
Requirement | Details |
---|---|
Administrators must enable AD FS, Direct, Agent, Azure AD, or Okta authentication. | |
Administrators must enable transparent authentication for each Internet gateway. | |
Users must initiate HTTP requests from supported desktop browsers. | Supported desktop browsers:<br>Mobile browsers and non-browser HTTP requests are not supported. |
Additional Information:
If the user logs on to the host computer using a valid Active Directory account:
Authentication of HTTP requests sent by a known user (a user who sends requests from an administrator-configured Internet gateway) follows the AD authentication method settings in Directory Services.
If the user logs on to the host computer using another account or from an unrecognized gateway, authentication of HTTP requests requires the user's Active Directory or guest user logon credentials.
If authentication was successful, TMWS handles the HTTP request and also issues a cookie to skip the authentication process in future requests.
TMWS can also perform transparent authentication on HTTPS requests. The authentication process depends on whether HTTPS decryption is enabled or disabled in Policies > Global Settings > HTTPS Inspection.
If authentication was unsuccessful, TMWS handles the HTTP request immediately. If automatic logon using the guest user account is enabled or the guest user account was used, TMWS allows the user to log on as a guest.