Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
357
Views
0
Helpful
2
Replies

Domain authentication

kinggmmm
Level 1
Level 1

‎05-04-2021 04:54 AM

how could I authenticate users in the domain without a pop-up menu so that can authenticate by using windows login

I have already added the active directory in the realm but the users can separate traffic by using the access policy.

 

could anyone help me?

 

 

 

 

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎05-04-2021 05:05 AM

You need to integrate with single sign on

 

https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117937-configure-wsa-00.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Ken Stieers
VIP
VIP

‎05-04-2021 07:13 AM

So a couple of ways to do AD auth...

1. Join the WSA to the domain, make sure the proxy interface's name is in your local AD domain... eg. p1 should have a name like "proxy.company.local". Then in your browsers make sure they do AD integrated authentication for the Intranet zone. Or add the name of this interface to the intranet zone.

2. Use CDA or ISE-PIC to scrape login events off of your AD servers and feed them to the WSA. If you're on Windows 2019, you have to go to ISE-PIC





The one issue you'll run into with option 1 is that some common apps (outlook) don't handle web auth, so depending upon what you do with unauthenticated traffic your users may have to open a browser and go to an internet site before things work...



Option 2 is better by far...




0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents