Additional configuration in the operating system and browser

May 23, 2024

ID 228052

These instructions are applicable to computers with a Windows operating system.

Depending on the type of browser and the authentication protocol being used, additional configuration may be required to ensure correct authorization of users from computers that are members of an Active Directory domain that is configured for SSO authentication. Authorization from computers that are not members of an Active Directory domain configured for SSO authentication does not require additional configuration and is carried out according to the procedure of the authentication protocol being used.

Kerberos authentication

To ensure correct operation of Kerberos authentication regardless of the type of browser being used, the following preliminary configuration of the operating system must be completed:

  • Configure time synchronization on the Active Directory domain controllers, on the Kaspersky Secure Mail Gateway cluster nodes, and on the computer that is used to connect to the web interface.
  • Add A and PTR records on the DNS server for the Kaspersky Secure Mail Gateway cluster nodes and make sure that they resolve correctly on the cluster nodes and on the computer that is used to connect to the web interface.

For more information about configuring these settings, see the documentation for the operating system.
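The A and PTR prerequisite can be checked from the computer that is used to connect to the web interface by resolving each node name to its addresses and each address back to a name. The script below is an added example, not part of the Kaspersky documentation. The host names and addresses in its sample zone are constructed, and the function names are this example's own.

```python
import socket
import sys

def dns_forward(fqdn):
    """IPv4 addresses from the A records of fqdn (system resolver)."""
    return socket.gethostbyname_ex(fqdn)[2]

def dns_reverse(ip):
    """Primary host name from the PTR record of ip (system resolver)."""
    return socket.gethostbyaddr(ip)[0]

def check_node(fqdn, forward=dns_forward, reverse=dns_reverse):
    """Return a list of A/PTR problems for one node; [] means consistent."""
    want = fqdn.rstrip(".").lower()
    try:
        addrs = forward(fqdn)
    except OSError as exc:  # socket.gaierror and socket.herror derive from OSError
        return [f"{fqdn}: A lookup failed ({exc})"]
    problems = []
    for ip in addrs:
        try:
            name = reverse(ip)
        except OSError as exc:
            problems.append(f"{fqdn}: no PTR record for {ip} ({exc})")
            continue
        # DNS names are case-insensitive and may carry a trailing dot.
        if name.rstrip(".").lower() != want:
            problems.append(f"{fqdn}: PTR for {ip} is {name}, expected {want}")
    return problems

def from_table(table):
    """Resolver backed by a dict; a missing key fails like a real lookup."""
    def lookup(key):
        if key not in table:
            raise OSError("not found in sample zone")
        return table[key]
    return lookup

# Constructed sample zone (not real hosts) for an offline dry run.
SAMPLE_A = {"node1.example.com": ["192.0.2.11"], "node2.example.com": ["192.0.2.12"]}
SAMPLE_PTR = {"192.0.2.11": "node1.example.com", "192.0.2.12": "mail.example.com"}

if __name__ == "__main__":
    # With node FQDNs as arguments, query real DNS; otherwise use the sample zone.
    live = sys.argv[1:]
    resolvers = () if live else (from_table(SAMPLE_A), from_table(SAMPLE_PTR))
    for node in live or sorted(SAMPLE_A):
        found = check_node(node, *resolvers)
        print("\n".join(found) if found else f"{node}: A and PTR records agree")
```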

To perform additional configuration in the Google Chrome and Microsoft Edge browsers:

  1. On the computer from which you are connecting to the web interface, open the Internet options section in the control panel.
  2. On the Security tab, select the Local intranet zone and click the Sites button.

    The Local intranet window opens.

  3. Click the Advanced button.
  4. In the window that opens, enter the full URL of the cluster node in FQDN format in the input field and click the Add button. Repeat this step for each cluster node.

    You can also enter a domain name to add all the addresses in the domain at the same time (for example, .example.com).

  5. Make sure that the addresses were added and click the Close button.
  6. Close all previously opened windows by clicking the OK buttons.

Additional configuration is now complete. The user whose profile has been configured is able to connect to the application web interface from this computer using the Google Chrome and Microsoft Edge browsers without entering their account credentials.

To perform additional configuration in the Mozilla Firefox browser:

  1. In the address bar of the browser, enter about:config, then click the Accept the Risk and Continue button on the page that opens.
  2. In the options search bar, type negotiate.
  3. In the list of parameters that opens, in the network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris fields, enter the full URLs of all cluster nodes in FQDN format separated by commas.

    Click the check mark icon on the right of the field to save the entered addresses.

    You can also enter a domain name to add all the addresses in the domain at the same time (for example, .example.com).

Additional configuration is now complete. The user whose profile has been configured is able to connect to the application web interface from this computer using the Mozilla Firefox browser without entering their account credentials.

NTLM authentication

No additional configuration is required for NTLM authentication to work correctly in the Google Chrome and Microsoft Edge browsers.

To perform additional configuration in the Mozilla Firefox browser:

  1. In the address bar of the browser, enter about:config, then click the Accept the Risk and Continue button on the page that opens.
  2. In the options search bar, type ntlm.
  3. In the list of parameters that opens, in the network.automatic-ntlm-auth.trusted-uris field, enter the full URLs of all cluster nodes in FQDN or IP address format separated by commas.

    Click the check mark icon on the right of the field to save the entered addresses.

    You can also enter a domain name to add all the addresses in the domain at the same time (for example, .example.com).

    When connecting to the web interface, you will need to enter the node address in the same format as indicated in this field.

Additional configuration is now complete. The user whose profile has been configured is able to connect to the application web interface from this computer using the Mozilla Firefox browser without entering their account credentials.
