Integrated Windows Authentication

Trustelem admin configuration

The option « Integrated Windows Authentication » under the Security tab must be enabled. If IWA does not work, check the following points:

  • The IP range of your internal network must be properly set and the access must come from this network (IWA is only enabled on the internal zone).
  • Access must be done through https://mycompany.trustelem.com (the Trustelem admin console does not allow IWA).
  • The user whose Windows session is running must have been previously imported from your Active Directory server. A Trustelem connector linked to this directory must also be active and running.
  • Last point: if a user from your domain is identified by IWA but was not registered with Trustelem, your logs will contain a login failure entry with the user's identity.

Server configuration

  • Connect to one of your servers as a domain administrator.
  • Open a command interpreter and enter the following command:

Replace the final ‘trustelem’ with the name of the user running the Trustelem connector.

Enabling IWA on your clients is a browser-specific operation.

Google Chrome (with GPO)

  • Connect to a domain controller as a domain administrator
  • Download the file available at https://support.google.com/chrome/a/answer/187202
  • Extract the folder
  • Open the Group Policy Management Console (gpmc.msc)
  • Choose an existing GPO or create a new one
  • Edit the policy (Right click > Edit)
  • Navigate to User Configuration/Policies/Administrative Template, right click > “Add/Remove a template”
  • Click on “Add” and select the file in the previously extracted folder (policy_template/windows/adm/{langue}/chrome.adm)
  • Navigate to User Configuration/Policies/Administrative Template/Classic Administrative Templates(ADM)/Google/Google Chrome/Policies for HTTP Authentication/Authentication server whitelist, right click > “Edit”.
  • Click on “Enabled” and enter "*.trustelem.com" in the value field
  • Navigate to User Configuration/Policies/Administrative Template/Classic Administrative Templates(ADM)/Google/Google Chrome/Policies for HTTP Authentication/Supported authentication schemes, right click > “Edit”
  • Click on “Enabled” and enter “negotiate” in the value field
  • Verify that the GPO is enabled and linked to your domain

Internet Explorer / Edge (GPO deployment)

  • Connect to a domain controller as a domain administrator
  • Open the Group Policy Management Console (gpmc.msc)
  • Choose an existing GPO or create a new one
  • Edit the policy (Right click > Edit)
  • Navigate to User Configuration/Policies/Administrative Template/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Site to Zone Assignment List, right click > “Edit”
  • Click on “Enabled” and enter "*.trustelem.com" in the first field and “1” (Intranet zone) in the second field
  • Navigate to User Configuration/Policies/Administrative Template/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone/Logon Options, right click > “Edit”
  • Click on “Enabled” and choose “Automatic logon with current username and password”
  • Check that the GPO is enabled and linked to your domain
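
A read-back check for the two GPO procedures above (Chrome and Internet Explorer / Edge), as an added example that is not part of the Trustelem documentation. The registry paths and value names are assumptions (the standard per-user policy locations for Chrome and Internet Explorer); run it in the user's session on a client after the GPO has been applied.

```powershell
# Added example: read back the per-user policy values the GPO steps should produce.
# Assumption: standard Chrome / Internet Explorer policy registry locations
# (not taken from the Trustelem documentation).
$site   = '*.trustelem.com'   # value entered in both GPOs
$chrome = 'HKCU:\Software\Policies\Google\Chrome'
$ie     = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-PolicyValue {
    param([string]$Key, [string]$Name)
    # -LiteralPath plus GetValue() avoids wildcard expansion of a name like '*.trustelem.com'
    $k = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($null -eq $k) { return $null }
    return $k.GetValue($Name)
}

$checks = @(
    @{ Setting = 'Chrome: Authentication server whitelist'; Key = $chrome; Name = 'AuthServerWhitelist'; Expected = $site }
    @{ Setting = 'Chrome: Supported authentication schemes'; Key = $chrome; Name = 'AuthSchemes'; Expected = 'negotiate' }
    @{ Setting = 'IE/Edge: Site to Zone Assignment (1 = Intranet)'; Key = "$ie\ZoneMapKey"; Name = $site; Expected = '1' }
    # 1A00 is the logon option; 0 = "Automatic logon with current username and password"
    @{ Setting = 'IE/Edge: Intranet Zone logon option'; Key = "$ie\Zones\1"; Name = '1A00'; Expected = '0' }
)

$results = foreach ($c in $checks) {
    $actual = Get-PolicyValue -Key $c.Key -Name $c.Name
    # Chrome values may be comma-separated lists, so test membership rather than equality
    $items = ("$actual" -split ',') | ForEach-Object { $_.Trim() }
    [pscustomobject]@{
        Setting  = $c.Setting
        Expected = $c.Expected
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Ok       = ($null -ne $actual) -and ($items -contains $c.Expected)
    }
}

$results | Format-Table -AutoSize
if ($results.Ok -contains $false) {
    Write-Warning 'One or more IWA client policies are missing or differ; check that the GPO is enabled and linked.'
}
```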

Internet Explorer / Edge (local configuration)

  • In the Windows start menu, search: Internet Options > Security
  • Select Local Intranet, then click on Sites
  • In the Local Intranet window, make sure that Include all local sites (intranet) not mentioned in other zones is checked, then click on Advanced
  • In the Local Intranet window, add *.trustelem.com to the zone, so as to activate Single Sign-On. Click on OK, then close the Local Intranet window
  • In the Internet Options > Security > Local Intranet window, click on Custom Level… > User Authentication and choose Automatic logon with current username and password
  • Click on OK. Restart Microsoft Internet Explorer / Edge so as to activate this configuration

Firefox

  • On user desktops, open an Active Directory-authenticated session
  • Launch Firefox
  • In the address bar, enter about:config
  • Select the network.negotiate-auth.trusted-uris parameter
  • Enter your custom Trustelem hostname (mycompany.trustelem.com); if the parameter already has a value, add the hostname to the list, separated by commas
  • Click OK
  • Restart Firefox