search cancel

Unable to authenticate to email accounts or other sites that utilize authentication redirect

book

Article ID: 203098

calendar_today

Updated On:

Products

Web Isolation Cloud

Issue/Introduction

Selective Web Isolation uses a proxy to forward certain sites to isolation based on the web category.

Environment

Selective Web Isolation

Cause

Authentication redirects are needed for some sites. Related sites can share the same authentication resource.

youtube.com may not be isolated by category, and mail.google.com might be isolated by category.

Both use accounts.google.com to authenticate.

If accounts.google.com is not in a category to be isolated, youtube.com, which is also not isolated, will authenticate properly.

If accounts.google.com is isolated, then mail.google.com which is also isolated, will authenticate properly.

Under this circumstance, both will not work.

Resolution

Go to:
Policy Entities>Rule Advanced Settings>Selective Isolation in Online Service Suites

Enable the option to use the predefined Symantec list for more common sites.

Enable the option to use your own custom list for any custom site, i.e. an internal SAML site.

Apply this advanced setting to a rule that matches the main site that is accessed in Isolation.

Push Settings

This will cause Isolation to hold the redirect internally and process the request for the Isolated site.

Note: The browser will not show redirected URL in the local address bar when this setting is in place.