Configure the correct ports and services to allow end users to authenticate using SSO through your on-premises Active Directory server from your corporate intranet locations.


The authentication proxy service on the Zero Trust Secure Access Internet Access On-Premises Gateway facilitates NTLM v2 or Kerberos-supported single sign-on (SSO) authentication with your on-premises Active Directory server. The service retrieves settings and data from TrendAI Vision One™ via HTTPS through port 443 on firewall A.

Once configured, the authentication proxy service allows end users to reach your Active Directory server from endpoints under the following scenarios.
| Secure Access Module status | Location | Connection method |
|---|---|---|
| Installed | Corporate network | Any method |
| Not installed | Corporate network | Through a configured Internet Access On-Premises Gateway or through the Internet Access Cloud Gateway from a defined IP address |
Before configuring the authentication proxy service, you must have a Service Gateway virtual appliance installed with the Zero Trust Secure Access Internet Access On-Premises Gateway service enabled.
Procedure
- In , enable Single Sign-On with Active Directory (On-Premises) and complete the configuration steps.
- Ensure that DNS can resolve the FQDN of the authentication proxy with the proper IP address for endpoints accessing from the corporate network. Note that if you are using:
  - a single gateway, the authentication proxy FQDN is the <single gateway FQDN>
  - multiple gateways behind a load balancer, the authentication proxy FQDN is the <load balancer FQDN>
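A check for the DNS step above, as an added example that is not part of the original documentation: it compares the addresses DNS returns for the authentication proxy FQDN with the gateway or load balancer addresses you expect, and reports unexpected or missing records. The host names and addresses are constructed placeholders, and `check_proxy_dns`, `system_resolver` and `sample_resolver` are hypothetical helper names.

```python
import ipaddress
import socket


def system_resolver(fqdn):
    """Addresses the local resolver returns for fqdn (A and AAAA records)."""
    infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    return {info[4][0].split("%")[0] for info in infos}  # drop IPv6 scope id


def check_proxy_dns(fqdn, expected_ips, resolver=system_resolver):
    """Compare DNS answers for the authentication proxy FQDN with the
    gateway (or load balancer) addresses it is supposed to point to."""
    expected = {ipaddress.ip_address(ip) for ip in expected_ips}
    try:
        answers = {ipaddress.ip_address(a) for a in resolver(fqdn)}
    except socket.gaierror as exc:
        return {"fqdn": fqdn, "status": "unresolved", "answers": [],
                "unexpected": [], "missing": sorted(map(str, expected)),
                "detail": str(exc)}
    unexpected = sorted(str(a) for a in answers - expected)
    missing = sorted(str(a) for a in expected - answers)
    if unexpected:
        status = "mismatch"      # endpoints may be sent to the wrong host
    elif missing:
        status = "partial"       # some expected addresses are not published
    else:
        status = "ok"
    return {"fqdn": fqdn, "status": status,
            "answers": sorted(map(str, answers)),
            "unexpected": unexpected, "missing": missing, "detail": ""}


# Constructed sample data: documentation-range addresses, example host names.
SAMPLE_ZONE = {
    "authproxy.corp.example.com": {"192.0.2.10"},
    "lb-authproxy.corp.example.com": {"192.0.2.20", "198.51.100.7"},
}


def sample_resolver(fqdn):
    """Offline stand-in for DNS, backed by SAMPLE_ZONE."""
    if fqdn not in SAMPLE_ZONE:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return SAMPLE_ZONE[fqdn]


if __name__ == "__main__":
    for name, want in [("authproxy.corp.example.com", ["192.0.2.10"]),
                       ("lb-authproxy.corp.example.com", ["192.0.2.20"]),
                       ("missing.corp.example.com", ["192.0.2.30"])]:
        print(check_proxy_dns(name, want, resolver=sample_resolver))
```

Run it from an endpoint on the corporate network with the default resolver to test the DNS view those endpoints actually receive.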
