search cancel

Preventing popups with guest authentication using IWA direct in transparent deployment on the ProxySG


Article ID: 165783


Updated On:


Advanced Secure Gateway Software - ASG ProxySG Software - SGOS


You want to enable guest authentication on your network and don’t want users to have to enter their credentials via a web browser popup.


  1. Configure IWA Direct per the Proxy Authentication Guide
  2. Modify the virtual URL in your IWA General setting to  In this example the proxy is joined to DraperSupport.local

  3. Create a static DNS entry for cfauth1 pointing to the SG.

  4. Add to local intranet sites in IE on your domain PC's.  You can also push this via Group policy

  5. Modify your existing Web Authentication layer.  Create a new combined Action Object.  Create a new Permit Authentication Error Object.  Select the Selected errors radio button.  Check the All except User Credentials Required checkbox.  Add both the new Permit Auth Error object & your normal authentication object to the combined object.


  6. Create a 2nd Web Authentication Layer.  Create a new user authentication error source object.  Select the any errors radio button.
  7. Create a new Authenticate Guest Action Object.  Enter a Guest Username.  Choose your IWA direct realm from the drop down.  Select Use realm's surrogate refresh time.  Leave Mode blank.
  8. Install the policy and apply all changes.
  9. Now your non domain PC's should show up as Guest & your domain PC's show up like normal.