The Centrify Identity Platform lets you accept an Integrated Windows Authentication (IWA) connection as sufficient authentication for users with Active Directory accounts when they log in to the Centrify Admin Portal or the Centrify User Portal.
Note: Integrated Windows Authentication is not available for Centrify Directory users, only Active Directory users.
For Integrated Windows Authentication to work:
1. Install a Centrify Connector inside your network.
2. When you download the certificate, make sure you select the link "Download your IWA root CA certificate" and not the Download button above the link.
3. Install the IWA root CA certificate on the endpoint as a Trusted Root Certificate Authority. You can
4. Log into the Centrify portal with your custom login URL or default tenant URL:
- Centrify Admin Portal: (Ex. https://yourcompany.my.centrify.com/manage or https://AAA1234.my.centrify.com/manage)
- Centrify User Portal: (Ex. https://yourcompany.my.centrify.com/ or https://AAA1234.my.centrify.com)
Replace "yourcompany" with your custom name or default tenant ID.
Verify if the IWA root certificate is installed on the endpoint
1. Open a web browser on the endpoint machine.
2. Navigate to the following address: https://<yourconnectorhostname>:<httpsport>/iwa/ping
Note: Replace <yourconnectorhostname> and <httpsport> with the connector's host name and the HTTPS port configured for it. For example: https://2008WindowsServer:8443/iwa/ping
3. Check whether the browser shows a green certificate indicator or a red error box.
4. Make sure you deployed the IWA root CA certificate and not the Connector Host Certificate.
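The same checks scripted in PowerShell for the endpoint, as an added example that is not Centrify's code: it tests whether a downloaded certificate file is a self-signed CA certificate, whether that certificate is in a Trusted Root store, and whether a TLS handshake to the connector's /iwa/ping address validates. The function name, the certificate file name and the forced TLS 1.2 setting are assumptions.

```powershell
# Added example, not Centrify tooling. Run it on the endpoint, not on the connector.
function Test-IwaTrust {
    param(
        [Parameter(Mandatory)][string]$CertPath,  # downloaded certificate file (assumed path)
        [Parameter(Mandatory)][uri]$PingUrl       # https://<yourconnectorhostname>:<httpsport>/iwa/ping
    )

    # .NET does not follow PowerShell's current location, so resolve the path first.
    $file = (Resolve-Path -LiteralPath $CertPath).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)

    # A root CA certificate is self-signed and has BasicConstraints CA=TRUE.
    # A connector host certificate fails this test.
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    $isRootCa = ($cert.Subject -eq $cert.Issuer) -and $bc -and $bc.CertificateAuthority

    # Look for the same certificate (by thumbprint) in the machine and user root stores.
    $inRoot = [bool](Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
        Where-Object Thumbprint -eq $cert.Thumbprint)

    # TLS handshake only, with default Windows chain and host name validation.
    $tlsError = $null
    $tls12 = [System.Security.Authentication.SslProtocols]::Tls12  # assumption about the connector
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($PingUrl.Host, $PingUrl.Port)
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream())
        $ssl.AuthenticateAsClient($PingUrl.Host, $null, $tls12, $false)
    } catch {
        $tlsError = $_.Exception.GetBaseException().Message
    } finally {
        $tcp.Close()
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        IsRootCa      = $isRootCa       # False: the wrong certificate was probably downloaded
        InTrustedRoot = $inRoot         # False: install it as a Trusted Root Certification Authority
        TlsValidated  = -not $tlsError  # False: see TlsError
        TlsError      = $tlsError
    }
}

# IWACert.cer is a hypothetical file name; the URL is the article's example.
# Test-IwaTrust -CertPath .\IWACert.cer -PingUrl https://2008WindowsServer:8443/iwa/ping
```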
Verify policies are enabled to allow IWA
IWA is enabled by default, but check to make sure the setting has not been disabled.
1. In the Admin Portal, go to Core Services > Policies and select the policy set.
2. Expand Login Policies, and select Centrify Services.
3. In the right pane scroll down to Other Settings.
4. Make sure Allow IWA connections (bypasses login authentication rules and default profile) and Set Identity Cookie for IWA connections are both enabled. If Set Identity Cookie for IWA connections is not enabled, the cookie is not written in the browser after a successful IWA-based login.
5. Click Save.
Verify the IWA service is enabled in your Centrify Connector Configuration
The IWA service is enabled by default, but check to make sure the setting has not been disabled.
1. In the Admin Portal, go to Settings > Network > Centrify Connectors.
2. Double-click your Connector, go to IWA Service, and make sure Enable Web Server is checked.
Make sure the browser is configured to allow IWA
Make sure there are no web servers on the Centrify Connector system
Even if there is no port conflict and the web server is using a different port than the connector, the certificate validation can fail.