Configure Browsers for Integrated Windows Authentication

To support integrated Windows authentication using either NTLM or Kerberos, the browser must be configured correctly to support this integration. This becomes particularly important when only Kerberos is used, as the browser won’t allow the user to continue if Kerberos authentication fails, whereas with NTLM authentication, the integration won’t work (the user will be prompted to enter a password), but the user will be allowed to continue to the Keyfactor Command Management Portal. Many modern browsers support integrated authentication. The following instructions cover adding the Keyfactor Command server to Window’s trusted sites to support integrated authentication for Microsoft Edge and Google Chrome. Configuring Firefox to support integrated authentication is beyond the scope of this guide.

Important:  Internet Explorer is no longer supported for Keyfactor Command. For a list of supported browsers, see System Requirements.

To configure Windows to support integrated authentication:

  1. In Windows either do a search for Internet Options or open Control Panel or Settings and locate Internet Options.
  2. In Internet Options, go to the Security tab.
  3. On the Security tab, highlight Local intranet and click Sites.
  4. On the Local intranet sites popup, click Advanced.
  5. On the Local intranet dialog, enter the fully qualified domain name of your Keyfactor Command server and click Add.
  6. Click Close and OK until you have closed all the dialogs.

  7. Exit your browser (this setting applies to Microsoft Edge and Google Chrome) and open it again to attempt your authentication.

    Figure 481: Configure Local Intranet Zone in Internet Properties

Important:  It is not sufficient to put the Keyfactor Command server in the Trusted sites zone. The server needs to be in the Local intranet zone for proper integrated authentication functionality (assuming these zones are still configured as per the default configuration).