cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
110
Views
0
Helpful
2
Replies
kinggmmm
Beginner

Domain authentication

how could I authenticate users in the domain without a pop-up menu so that can authenticate by using windows login

I have already added the active directory in the realm but the users can separate traffic by using the access policy.

 

could anyone help me?

 

 

 

 

2 REPLIES 2
balaji.bandi
VIP Expert

You need to integrate with single sign on

 

https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117937-configure-wsa-00.html

 



BB


*** Rate All Helpful Responses ***

Ken Stieers
Engager

So a couple of ways to do AD auth...

1. Join the WSA to the domain, make sure the proxy interface's name is in your local AD domain... eg. p1 should have a name like "proxy.company.local". Then in your browsers make sure they do AD integrated authentication for the Intranet zone. Or add the name of this interface to the intranet zone.

2. Use CDA or ISE-PIC to scrape login events off of your AD servers and feed them to the WSA. If you're on Windows 2019, you have to go to ISE-PIC





The one issue you'll run into with option 1 is that some common apps (outlook) don't handle web auth, so depending upon what you do with unauthenticated traffic your users may have to open a browser and go to an internet site before things work...



Option 2 is better by far...




Content for Community-Ad