Centrify Identity Service version 15.9 and above

Question:
Machines on the domain have been configured for IWA authentication, which means AD users will automatically authenticate into their Centrify User Portals when accessing supported web-services.
(For more information, see "Setting Integrated Windows authentication (IWA)" in the Centrify Cloud Manager Online Help.)
However there are some scenarios where a second AD user (such as IT Helpdesk staff) may need to authenticate into their own User Portals while the original AD user is still logged into their Windows session.
In the past, this could be achieved by forcing "&iwa=false" into the URL, but this was not an officially supported behaviour and, as of version 15.8, no longer works in the desired manner.
Is it still possible to bypass IWA authentication and log in as a different user from the current Windows user?

Answer:

Option 1:
- A new query string parameter has been added for this use case: &nozso=true
- Append this string to the end of the User Portal login URL to prevent single sign-on and force the regular username / password screen:
- (Where "ABC123" is the actual tenant ID, or login suffix of the target environment)

Option 2:
- Navigate to the User Portal URL as normal and let IWA log the current Windows user in.
- Have the user manually log out of their User Portal.
- This will clear the login token, and the regular username / password login screen will now be shown.