Integrated Windows Authentication

Trustelem admin configuration

The “Integrated Windows Authentication” option under the Security tab must be enabled. If IWA does not work, check the following points:

  • The IP range of your internal network must be properly set and the access must come from this network (IWA is only enabled on the internal zone).
  • Access must be done through https://mycompany.trustelem.com (the Trustelem admin console does not allow IWA).
  • The user whose Windows session is running must have been previously imported from your Active Directory server. A Trustelem connector linked to this directory must also be active and running.
  • Last point: if a user from your domain is identified by IWA but is not registered with Trustelem, your logs will contain a login failure entry with the user's identity.


Server configuration

  • Connect to one of your servers as a domain administrator.
  • Open a command interpreter and enter the following command:

    setspn -s HTTP/mycompany.trustelem.com trustelem-user
    Replace the final ‘trustelem’ with the name of the user running the Trustelem connector.


Client configuration

Enabling IWA on your clients is a browser-specific operation.

Google Chrome (GPO)

  • Connect to a domain controller as a domain administrator
  • Download the file available at https://support.google.com/chrome/a/answer/187202
  • Extract the folder
  • Open the Group Policy Management Console (gpmc.msc)
  • Choose an existing GPO or create a new one

  • Edit the policy (Right click > Edit)
  • Navigate to User Configuration/Policies/Administrative Templates, right click > “Add/Remove a template”

  • Click on “Add” and select the file in the previously extracted folder (policy_template/windows/adm/{language}/chrome.adm)

  • Navigate to User Configuration/Policies/Administrative Templates/Classic Administrative Templates (ADM)/Google/Google Chrome/Policies for HTTP Authentication/Authentication server whitelist, right click > “Edit”
  • Click on “Enabled” and enter “*.trustelem.com” in the value field

  • Navigate to User Configuration/Policies/Administrative Templates/Classic Administrative Templates (ADM)/Google/Google Chrome/Policies for HTTP Authentication/Supported authentication schemes, right click > “Edit”
  • Click on “Enabled” and enter “negotiate” in the value field

  • Verify that the GPO is enabled and linked to your domain

Internet Explorer (GPO)

  • Connect to a domain controller as a domain administrator
  • Open the Group Policy Management Console (gpmc.msc)
  • Choose an existing GPO or create a new one

  • Edit the policy (Right click > Edit)
  • Navigate to User Configuration/Policies/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Site to Zone Assignment List, right click > “Edit”
  • Click on “Enabled” and enter “*.trustelem.com” in the first field and “1” (Intranet zone) in the second field

  • Navigate to User Configuration/Policies/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone/Logon Options, right click > “Edit”
  • Click on “Enabled” and choose “Automatic logon with current username and password”

  • Check that the GPO is enabled and linked to your domain
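
A client-side check for the two group policies above and for the SPN from the server configuration, as an added example that is not part of the Trustelem documentation. It assumes the GPOs were applied under User Configuration as described, so the values land under HKCU\Software\Policies; the registry value names used (AuthServerWhitelist or AuthServerAllowlist, AuthSchemes, ZoneMapKey, 1A00) are the standard Chrome and Internet Explorer policy names, not values taken from this page.

```powershell
# Added verification sketch, not Trustelem's own tooling.
# Run in the user's session on a domain-joined client after `gpupdate /force`.
$TrustelemHost = 'mycompany.trustelem.com'  # placeholder hostname used on this page
$Pattern       = '*.trustelem.com'          # value entered in both GPOs

function Get-PolicyValue([string]$Path, [string]$Name) {
    # Literal lookup (no wildcard expansion); returns $null if key or value is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue($Name) }
}

$chrome = 'HKCU:\Software\Policies\Google\Chrome'
$ie     = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

# Chrome: recent templates call the policy AuthServerAllowlist; accept either name.
$servers = @('AuthServerWhitelist', 'AuthServerAllowlist') |
    ForEach-Object { Get-PolicyValue $chrome $_ } |
    Where-Object { $_ } |
    ForEach-Object { $_ -split '\s*,\s*' }
$schemes = (Get-PolicyValue $chrome 'AuthSchemes') -split '\s*,\s*'

# Internet Explorer: zone 1 is Local Intranet; 1A00 = 0 is
# "Automatic logon with current username and password".
$zone  = Get-PolicyValue "$ie\ZoneMapKey" $Pattern
$logon = Get-PolicyValue "$ie\Zones\1" '1A00'

$checks = [ordered]@{
    "Chrome: auth server list contains $Pattern" = ($servers -contains $Pattern)
    'Chrome: auth schemes include negotiate'     = ($schemes -contains 'negotiate')
    "IE: $Pattern assigned to zone 1 (Intranet)" = ($zone -eq '1')
    'IE: Intranet zone uses automatic logon'     = ($null -ne $logon -and $logon -eq 0)
}
foreach ($name in $checks.Keys) {
    $state = if ($checks[$name]) { 'OK' } else { 'NOT APPLIED' }
    '{0,-12} {1}' -f $state, $name
}

# Server side: list the account holding the SPN registered with setspn -s.
# It should be the account that runs the Trustelem connector.
setspn -Q "HTTP/$TrustelemHost"
```

A "NOT APPLIED" line means the corresponding policy value is not present in the user's registry hive, which usually points to the GPO not being linked or not yet refreshed on that client.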

Internet Explorer / Edge (manual configuration)

  • In the Windows start menu, search: Internet Options > Security
  • Select Local Intranet, then click on Sites
  • In the Local Intranet window, make sure that Include all local sites (intranet) not mentioned in other zones is checked, then click on Advanced
  • In the Local Intranet window, add *.trustelem.com to the zone, so as to activate Single Sign-On. Click on OK, then close the Local Intranet window
  • In the Internet Options > Security > Local Intranet window, click on Custom Level… > User Authentication and choose Automatic logon with current username and password
  • Click on OK. Restart Microsoft Internet Explorer / Edge to activate this configuration

Firefox

  • On user desktops, open an Active Directory-authenticated session
  • Launch Firefox
  • In the address bar, enter about:config
  • Select the network.negotiate-auth.trusted-uris parameter
  • Enter your custom Trustelem hostname (mycompany.trustelem.com), or add it to the existing list, separated by commas
  • Click OK
  • Restart Firefox