Enabling IWA Service on the Connector
Integrated Windows authentication (IWA) is enabled by default when you install the connector. However, you may want to make configuration changes (for example, defining your corporate IP range) and ensure that browsers used by your users are configured properly for IWA. See How to Configure Browsers for Silent Authentication.
You must restart the IBM Security Connector after importing the certificate.
To configure IWA and import the certificate:
-
Log in to Admin Portal.
-
Click Settings > Network > Centrify Connectors.
-
Select the relevant connector or add a new one.
You can modify the following settings:
Setting or property | Change to do the following |
---|---|
Enable web server | The default value is Enabled. This setting supports Integrated Windows Authentication and Office clients. If you disable the web server, you cannot change the DNS Hostname, HTTP Port Number and HTTPS Port number values. |
DNS Hostname | The default is the connector’s host computer’s name. You can enter a DNS short name here or the fully qualified domain name in the IE local intranet zone. |
IWA Detection Timeout | The length of time Integrated Windows Authentication (IWA) will wait for response from the connector. The default is 10 seconds. |
HTTP Port Number | The default port is 80. Port 80 is the standard port. If you change the port number to a non-standard number (for example, 111), Firefox and Chrome may require additional configuration because these browsers block some non-standard ports. Do not change the port number unless you know the implications. |
HTTPS Port Number | The default port is 8443. Port 8443 is the standard port. If you change the port number to a non-standard number, Firefox and Chrome may require additional configuration because these browsers block some non-standard ports. Do not change the port number unless you know about the implications. |
Connector Host Certificate | The host certificate used by the IBM Security Connector must be issued by a trusted issuer. You can trust the tenant specific CA we have created for you by default, or provide your own. Click Upload to upload a certificate into the Privileged Access Service. See Configuring SSL for certificate requirement information. Click Download to download your connector host certificate. Click Download your IWA root CA certificate to save a copy of the certificate from the IWA root CA. |
-
Click Save.
-
Click Corporate IP Range.
-
Click Add to enter a your corporate IP range.
IWA will not work for users whose computers are outside of the defined corporate IP range.
-
Click OK.
-
Reboot your IBM Security Connector if you have uploaded a certificate.