Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-5869: How to bypass single-sign-on and force username password authentication in IWA-enabled environments.

Centrify Identity Service, App Edition ,  

12 April,16 at 11:46 AM

Applies to: Centrify Identity Service version 15.9 and above

Question:

Machines on the domain have been configured for IWA authentication which means AD users will automatically authenticate into their Centrify User Portals when accessing supported web-services. 
(For more information, see "Setting Integrated Windows authentication (IWA)" in the Centrify Cloud Manager Online Help)

However there are some scenarios where a second AD user (such as IT Helpdesk staff) may need to authenticate into their own User Portals while the original AD user is still logged into their Windows session.

In the past, this could be achieved by forcing "&iwa=false" into the URL, but this was not an officially behaviour and as of version 15.8, no longer works in the desired manner.

Is it still possible to bypass IWA authentication and login as a separate user to the current Windows user?


Answer:

Option 1:
  • A new query string parameter has been added for this use case: &nozso=true 
  • Append this string to the end of the User Portal login URL to prevent single-sign on and force the regular username / password screen:
    • https://cloud.centrify.com/my?customerid=ABC123&nozso=true
  • (Where "ABC123" is the actual tenant ID, or login suffix of the target environment)


Option 2: 
  • Navigate to the User Portal URL as normal and let IWA commence to log the current Windows user in
  • Have the user manually logout of their User Portal
  • This will clear the login token and the regular username / password login screen will now be shown.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

No related Articles