Integrated Windows authentication in Microsoft Edge - single-sign-on

I am trying to implement Integrated Windows authentication on Edge, but it always prompts me for credentials, whereas Integrated Windows authentication is working for IE, Chrome and Firefox. I have tried adding the site to local intranet sites in security options and enabled automatic login but no luck on edge browser.
Does Edge support Integrated Windows authentication?
I have tried adding the site to local intranet sites in security options and enabled automatic login as well login with current username and password.

Which version of Microsoft Edge version are you using?
Please check the following configuration to Enable Integrated Windows Authentication:
Open Internet Explorer and select "Tools" dropdown.
Select the "Advanced" tab.
Scroll down to the "Security" section until you see "Enable Integrated Windows Authentication". Select the box next to this field to enable.
Select the "Security" tab.
Select "Local Intranet" and select the "Custom Level" or "Advanced" button.
Scroll down to "User Authentication" > "Logon".
Checked the "Automatic logon with current user name and password" option.
In the "Security" tab, select "Local Intranet" option and click the "Sites" button.
Click the "Advanced" button, then, add your website to the zone.
Close the window and apply the configuration.
If still not working, I suggest you could feedback your issue to Microsoft Edge platform forum, like this thread.

It may be because of AuthServerAllowlist. You can check your policies at edge://policy/.
Specifies which servers to enable for integrated authentication.
Integrated authentication is only enabled when Microsoft Edge receives
an authentication challenge from a proxy or from a server in this
list.
[...]
If you don't configure this policy, Microsoft Edge tries to detect if
a server is on the intranet - only then will it respond to IWA
requests. If the server is on the internet, IWA requests from it are
ignored by Microsoft Edge.
As the documentation states; if your server/site isn't included in the AuthServerAllowlist and Edge can't identify your site as an intranet site Edge won't use Integrated Windows Authentication.

Enabling Integrated Windows Authentication
Use the following procedure to enable silent authentication on each computer.
Open the Windows Settings and search Internet Options.
The following window opens.
Click Local intranet > Sites.
Click Advanced.
Enter the tenant specific URL into the Websites text box.
Click Close.

As far as I can tell and from what I have read, Edge does not support Integrated Windows authentication; at least as of version 42.17134.1098.0.

Related

vpn ibm-cloud MotionPro Client on Windows 10 not allowing addition of profiles

I am following steps to create a VPN, for accessing IBM Cloud, by using standalone client. Instructions are here,
https://cloud.ibm.com/docs/iaas-vpn?topic=iaas-vpn-standalone-vpn-clients
It states "Run the MotionPro Setup Wizard. Then, click the MotionPro icon on your desktop and select Profile > Add."
The installation ran fine - seemingly. I have a red A in my task tray and the Secure Tunnel is connected.
However, the Motion Pro window doesn't have any means for interaction - there are no menus - nothing...see screen grab.
I also don't have any MotionPro desktop on my desktop.
MotionPro Window Screengrab
So - MotionPro seems to have installed..but I still have to go thru the browser based logon process...so it's not really doing anything for me.
What am I missing?
Couldn't figure out a way to create a profile using the MotionPro Client provided by IBMCloud.
Eventually found a download link to install myself...
https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/downloads/downloads.html
I downloaded "Windows MotionPro client 32bit / 64bit"
After running the install, I then had a client executable that displayed a User Interface more like that which I expected and aligned to the steps in the IBMCloud documentation.
Created the profile - and can now quickly establish a VPN.

How to stop IE11 from caching security context

We have windows integrated SSO setup for our CMS platform but if our scheduled task to open IE 11 and load the CMS home page runs before the VPN is signed on then it doesn't get authenticated and we forward to another site. If I try to browse to intranet CMS site again after VPN is signed on it still won't work because IE11 caches security context. If I close IE11 and re-open and browse it does SSO just fine because security context is refreshed. Any idea how to override this in registry or something?
It seems that the CMS website caches the vpn data and you can try to disable IE website cache to see if it works:
Click Alt+X to open the Tools panel in IE 11.
From the menu, select Internet options.
Click Settings in Browsing history section on the General tab.
On the Temporary Internet Files tab, confirm that Every time I visit the webpage is selected.
On the Caches and databases tab, confirm that Allow website caches and databases is not selected.
Click OK to apply the settings.

Setting Auto Proxy in Force.com IDE behind VPN

I work remotely, so I always have to connect to COrporate VPN.
I'm having issues with proxy setting that are needed for Force.com IDE.
I was able to access Salesforce.com both sandboxes and production from IE, Chrome or firefox, but not able to connect using force.com IDE/Eclipse.
I tried to check for proxy settings in Internet Options, but all I can see is "Automatically Detect Settings" is selected and nothing else.
I tried calling my company helpdesk and they are asking me to call either Salesforce/Eclipse teams to find what is wrong with it. :)
So not sure how to get proxy host and port details.
Go to “Window –> Preferences”
Preferences box prompt out, choose “Network Connections”
Select “Manual” from Action Provider drop down list
Select Http in the List and click “Edit” button
Fill in the proxy server host and port number, (fill in the username and
password if any)
Ok, Done.

Visual Studio Online alternate credentials not available

I am trying to hook up Atlassian Source Tree to my GIT repository on Visual Studio Online. To do so, you have to enable alternate credentials. However, when I go to the screen for alternate credentials it has a warning message that says "Alternate Credentials have been disabled for your account."
I can click the "enable alternate credentials" and put in a password but the error message is still there at the top of the form and Source Tree doesn't work.
How do I enable credentials?
There is a setting that controls it for the account. Are you the account owner?
If so, from your account home page, click the gear icon in the upper right. Then click on the Settings tab. Check under Application Connections and enable alternate authentication credentials.

Authorisation failure Connecting to TFS from Eclipse in Ubuntu

I am using Eclipse Juno (Linux) and added TFS plug-in for Eclipse. Server URL https://******ftware.visualstudio.com and added username and password. This is my Microsoft Live ID which got access to Visual Studio online, but it gives an error message Authorization failure connecting to https://******ftware.visualstudio.com using this username and password.
Username and password works well when connecting from browser. Not sure what is going on.
This plug-in works well on a Windows machine.
You may need to use the "alternate credentials" that does not rely on an MSA (Live ID). In the web access you can click on your name in the top right. There should be a settings drop down that lets you enable and set the alternate credentials for Linux.
https://binary-stuff.com/post/how-to-enable-alternate-credentials-in-visual-studio-online-vso