I have IWA configured for our on-premise portal and we are having a problem where users are being prompted to enter their Windows credentials before accessing portal. From the documentation that I have read, users should pass right through and not have to log in at all as long as they have a user account (which they do). From the Documentation:
When you use IWA, logins are managed through Microsoft Windows Active Directory. Users do not sign in and out of the portal website; instead, when they open the website, they are signed in using the same accounts they used to log in to Windows.
Does anyone else experience this? Is there a workaround or an IIS setting that I'm missing?
I can add the URL as a Trusted Site but I don't see this as a viable solution.
Yes I have enabled only Windows Authentication. This is happening in both Chrome and IE. I haven't tried Firefox as of yet because it is not a favored browser in our org. Most users are Chrome and IE
Although the article is dated, the overall information is still accurate today: https://support.microsoft.com/en-us/help/258063/internet-explorer-may-prompt-you-for-a-password .
There are several ways to address the issue if the problem is tied to browser security zones. One way is to ensure the site is in the local intranet zone, which allows credential passing by default. Another option is to enable credential passing in the internet zone, which I strongly discourage. If you are not able to manually change IE security settings because of group policy, you will have to reach out to your IT department to ask about why your site is showing up in the internet zone.
Hi Joshua - Thanks for mentioning browser settings (security zones) - It was key in getting ours working with (first) IE, Edge, and Chrome. This video was really helpful, but doesn't cover it as I recall (maybe its implied and I'm lacking).
Anyway, Thanks! So, Firefox remains an issue for us though. It appears accepting AD credentials is somehow tied to Firefox cached site data or browsing history. Is there a Firefox config similar to IE internet options>Security> zones?
FF does not rely on the Windows security zones or certificate stores. If you search the web, you will find numerous blog posts and forums that describe enabling FF for IWA.