How do I set up "no-password" sign in for IdentityNow?

Version 21

    "No-password" sign in refers to the fact that, when an administrator has configured the system a certain way, you don't have to type in a password to get to your IdentityNow Launchpad. This is also known as Integrated Windows Authentication (IWA) or Kerberos.

     

    NOTES:

    • Following these instructions does not guarantee that you will have "no-password" sign in. Your administrator has to enable it for your company first. If you are not sure if this option is available to you, contact your IT department for assistance.
    • Even when you have this configured correctly, some apps you use might force you to sign in to IdentityNow to use high-risk pages or features. For more information, see Surf 237 Why am I being asked to sign back in to IdentityNow?

     

    The information that follows describes the trust settings you need to define for the following browsers:

     

     

    * Your administrator has the ability to configure the settings for these browsers remotely for your entire organization using group policies. If they have done this, you will not need to make any changes to the browser installed on your computer.

     

    The following browser does not require any special trust settings:

    • Safari on Mac

     

    NOTE: Chrome on Mac does not support "no-password" sign in.

     

     

    Firefox on Windows and Mac

     

    To set up your Firefox browser so you don't have to enter a password to sign in, you must complete these instructions for the Firefox browser.

     

    1. Open a new tab.

     

    2. In the Address field, type:
    about:config

     

    3. Press ENTER.

     

    NOTE: If you see a warning that this might void your warranty, click I'll be careful. I promise. These changes will not affect your warranty.

    ff about config.png
    4. In the page that displays, in the Search field type:
    network.negotiate-auth.trusted-uris
    ff about config results.png
    5. Right-click on the setting and click Modify.ff modify setting.png

    6. In the field that displays, type the domain name for the IdentityNow server:

    .customerdomain.com

     

    For example:

    .acme.com

     

     

    NOTE: Check with your IT administrator to confirm the correct value. If your site uses a custom URL or this value does not seem to be working, contact your IT department for assistance.

     

    7. Click OK.

     

    8. Close the about:config tab.

    ff value.png

     

     

    Internet Explorer on Windows

     

    It is likely that your administrator has already configured these settings remotely. However, if you're having problems, you can follow these instructions to verify that your browser is set up correctly.

     

    NOTES to Administrators only:

     

    1. Go to Internet Options > Security.

     

    NOTE: The instructions for getting to this panel depend on the version of IE you are using. See the help in IE for assistance.

     

    2. Click Trusted Sites.

    ie security.png
    3. Click Sites.ie trusted sites.png

    4. In Add this website to the zone, type the domain name for the IdentityNow server:

     

    https://*.customerdomain.com

     

    For example:

    https://*.acme.com

     

    NOTE: Check with your IT administrator to confirm the correct value. If your site uses a custom URL or this URL does not seem to be working, contact your IT department for assistance.

     

    5. Click Add.

    ie add site.png

    The site displays as shown in the example on the right.

     

    6. Click Close.

    IWA example fix.png
    7. Click Custom Level.ie custom level.png

    8. Scroll to the bottom of the list of settings to User Authentication

     

    9. Select Automatic logon with current user name and password.

     

    10. Click OK.

     

    11. Click OK again to close Internet Options.

    ie user auth setting.png

     

    Chrome on Windows

     

    Chrome honors the trust settings configured in Internet Explorer. Therefore, to use "no-password" sign in on Chrome, follow the instructions here to set up Internet Explorer.