Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
127
Views
0
Helpful
1
Replies

Integrated Windows Authentication (IWA) support

msanecki
Level 1
Level 1

‎05-06-2025 03:14 AM

Hi,

As we know, Microsoft IWA (Integrated Windows Authentication) enables authentication/authorization using Windows AD to provide SSO experience to users. This is not popular scheme but some customers use it in Microsoft based environments.

First of all - is IWA oficially supported in current Secure Web Appliance software versions? If yes, please help me find IWA configuration documentation/guides, and what are requirements or restrictions for proxy implementation with IWA based use cases?

Labels:
0 Helpful
1 Reply 1

Ken Stieers
VIP
VIP

‎05-06-2025 09:49 AM

Yes, even in the latest version, Windows Authentication is supported.
https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa-15-5/user-guide/swa-userguide-15-5/m-authentication-and-authorization.html#con_1392997
You probably want to do it with Kerberos vs. NTLM v2, but its all there...
The other option, that also solves some issues with any version of auth is Transparent auth, where ISE or ISE-PIC grabs the logins from AD and feeds the WSA via pxGrid, that way the WSA sees the user/ip mapping BEFORE the user can open a browser or other tool that will want to access the internet and can apply the appropriate policy. (ignore the references to CDA, it's no longer supported and only supported up to Server 2012R2)

0 Helpful
Customers Also Viewed These Support Documents