Enabling IWA (ADFS only)

When Integrated Windows Authentication (IWA) is used, users on Windows clients are not prompted for the ADFS login name and password when they access servers on the corporate intranet. IWA is available for basic SAML authentication, Notes federated login, and Web federated login.

Before you begin

Complete the following prerequisites:
  • In the Web SSO Configuration document that your servers use, make sure that the Windows single-sign on integration (if available) field is set to Disabled.
  • (Notes federated login only): In the Client Settings tab of the IdP configuration document for the ID vault server, set Enable Windows single sign-on to Yes.
  • Make sure that the client computers from which users log in are in the same Active Directory domain as the ADFS server, unless Active Directory trust relationships are in place.

About this task

IWA authenticates users to ADFS with the Kerberos token that is issued when a user logs in to a Windows workstation. This type of authentication is also known as SPNEGO authentication.

Complete the steps in this section to enable IWA on ADFS.