Enabling IWA in the authentication policy

You can configure Privileged Access Service to bypass the authentication rules and default authentication profiles that are already configured when IWA is configured. This option is enabled by default.

Using IWA with identity cookie

This is an optional configuration. When you enable Integrated Windows Authentication (IWA), Privileged Access Service can write a cookie in the current browser after a successful IWA-based login. Privileged Access Service checks the browser for this cookie when the user logs in to the Admin Portal. As long as the cookie is present, the user is not prompted for multi-factor authentication.

Using IWA to authenticate application access

This is an optional configuration. You can configure Privileged Access Service to use IWA to override all application-specific authentication requirements. For example, you can configure the Box application to require two authentication challenges if users are accessing the application from inside the network. However, you can tell Privileged Access Service to ignore those authentication requirements if IWA is available.