SOLVED

Integrated Authorization for Intranet Sites

%3CLINGO-SUB%20id%3D%22lingo-sub-418321%22%20slang%3D%22en-US%22%3EIntegrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-418321%22%20slang%3D%22en-US%22%3E%3CP%3EChromium%20supports%20Integrated%20Authentication%3B%20as%20well%20as%20IE11%20and%20Edge%20(current)%2C%20so%20that%20users%20can%20authenticate%20to%20an%20Intranet%20server%20without%20having%20to%20prompt%20the%20user%20to%20login.%26nbsp%3B%20Our%20intranet%20URLs%20are%20specified%20in%20IE's%20Internet%20Properties%20as%20Local%20Intranet%20sites.%26nbsp%3B%20Will%20the%20new%20Edge%20also%20allow%20this%20functionality%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-418493%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-418493%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317600%22%20target%3D%22_blank%22%3E%40soundman_ok%3C%2FA%3E%26nbsp%3BChrome%2FChromium%2Fnew%20Edge%20all%20respect%20the%20%22Automatic%20Authentication%22%20settings%20for%20the%20Local%20Intranet%20Zone%20(this%20is%20one%20of%20only%20two%20places%20in%20Chromium%20that%20use%20Windows%20Security%26nbsp%3B%20Zones)%20%3CSTRONG%3Eby%20default%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20can%20be%20%3CSTRONG%3Eoverridden%3C%2FSTRONG%3E%20via%20policy%20or%20a%20command%20line%20argument%20to%20specify%20exactly%20which%20sites%20can%20get%20automatic%20authentication.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EE.g.%20if%20you%20launch%20Edge%20like%20so%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%20%26nbsp%3Bmsedge.exe%20--auth-server-whitelist%3D%22example%22%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E...automatic%20authentication%20will%20occur%20only%20for%20http%3A%2F%2Fexample%2F%20and%20all%20other%20sites%20(even%20those%20in%20the%20Intranet%20zone)%20will%20require%20the%20user%20manually%20enter%20their%20credentials.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-420660%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-420660%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317619%22%20target%3D%22_blank%22%3E%40ericlaw%3C%2FA%3E%26nbsp%3B%20Sorry%2C%20I've%20been%20away%20from%20my%20desk%20all%20day.%26nbsp%3B%20I%20did%20try%20the%20command%20line%20argument%2C%20without%20success.%26nbsp%3B%20I'll%20look%20into%20this%20more%20tomorrow%2C%20as%20I%20have%20a%20feeling%20a%20policy%20might%20be%20in%20place%20that%20I%20am%20unaware%20of%2C%20since%20our%20system%20administrator%20has%20been%20doing%20some%20browser%20settings%20testing%20with%20Group%20Policy.%26nbsp%3B%20Thanks%20for%20responding%20so%20quickly.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-429746%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-429746%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317619%22%20target%3D%22_blank%22%3E%40ericlaw%3C%2FA%3E%26nbsp%3BAfter%20further%20review%2C%20authentication%20is%20being%20passed%3B%20however%20delegation%20is%20not%20happening.%26nbsp%3B%20We%20pass%20authentication%20through%20to%20a%20MS-SQL%20server.%26nbsp%3B%20I%20have%20used%20the%20following%20to%20define%20the%20delegated%20whitelist%2C%20in%20addition%20to%20the%20auth-server-whitelist%3A%3CBR%20%2F%3E%3CBR%20%2F%3Emsedge.exe%20--auth-server-whitelist%3D%22apps.midlandschoice.com%22%20--auth-negotiate-delegatewhitelist%3D%22apps.midlandschoice.com%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20works%20fine%20in%20Chrome%3B%20however%2C%20neither%20Edge%20nor%20Chromium%20seem%20to%20want%20to%20allow%20delegation.%26nbsp%3B%20Am%20I%20missing%20something%20or%20is%20delegation%20not%20supported%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-429750%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-429750%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317619%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3E%40ericlaw%3C%2FA%3E%26nbsp%3BAfter%20further%20review%2C%20authentication%20is%20being%20passed%3B%20however%20delegation%20is%20not%20happening.%26nbsp%3B%20We%20pass%20authentication%20through%20to%20a%20MS-SQL%20server.%26nbsp%3B%20I%20have%20used%20the%20following%20to%20define%20the%20delegated%20whitelist%2C%20in%20addition%20to%20the%20auth-server-whitelist%3A%3CBR%20%2F%3E%3CBR%20%2F%3Emsedge.exe%20--auth-server-whitelist%3D%22***.midlandschoice.com%22%20--auth-negotiate-delegatewhitelist%3D%22***.midlandschoice.com%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20works%20fine%20in%20Chrome%3B%20however%2C%20neither%20Edge%20nor%20Chromium%20seem%20to%20want%20to%20allow%20delegation.%26nbsp%3B%20Am%20I%20missing%20something%20or%20is%20delegation%20not%20supported%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-430622%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-430622%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317600%22%20target%3D%22_blank%22%3E%40soundman_ok%3C%2FA%3E%26nbsp%3BAs%20far%20as%20I%20can%20tell%2C%20command-line%20argument%20support%20for%20setting%20auth-negotiate-delegatewhitelist%20appears%20to%20have%20been%20removed%20from%20Chrome%2FChromium%20some%20time%20ago.%20It%20does%20seem%20to%20be%20available%20as%20a%20%3CA%20href%3D%22https%3A%2F%2Fwww.chromium.org%2Fadministrators%2Fpolicy-list-3%23AuthNegotiateDelegateWhitelist%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Epolicy%3C%2FA%3E.%20Do%20you%20know%20if%20your%20admins%20have%20set%20this%20policy%3F%20(It%20should%20appear%20if%20you%20visit%26nbsp%3B%3CA%20href%3D%22chrome%3A%2F%2Fpolicy%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Echrome%3A%2F%2Fpolicy%2F%3C%2FA%3E%26nbsp%3Bin%20Chrome).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-430861%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-430861%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317619%22%20target%3D%22_blank%22%3E%40ericlaw%3C%2FA%3E%26nbsp%3BI%20have%20both%20AuthNegotitateDelegateWhitelist%20and%20AuthServerWhitelist%20policies%20showing%20there%2C%20which%20most%20likely%20are%20being%20applied%20to%20my%20machine%20through%20my%20local%20Registry.%26nbsp%3B%20I'll%20have%20our%20admins%20look%20into%20publishing%20the%20policy%20for%20our%20entire%20domain.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20the%20help!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-535979%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-535979%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317619%22%20target%3D%22_blank%22%3E%40ericlaw%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes%2C%20this%20is%20exactly%20what%20we%20need.%20Right%20now%2C%20we%20do%20this%20via%20GPO%20(see%20screenshot)%20in%20Chrome%2C%20or%20if%20when%20needed%2C%20we%20can%20make%20this%20work%20in%20Chrome%20using%20the%20Registry%20change%20manually.%20However%2C%20in%20Edge%2C%20we%20can't%20even%20find%20where%20to%20put%20this%2C%20as%20the%20tree%20does%20not%20exist.%20I've%20tried%20every%20place%20I%20can%20think%20of%20but%20does%20not%20work.%20I've%20spoken%20with%20a%20guy%20on%20the%20MS%20Edge%20team%20personally%20(literally%20in%20person%20last%20weekend)%20about%20the%20issue.%20He%20says%20that%20all%20of%20Chromium%20should%20be%20working%20in%20Edge.%20So%20either%26nbsp%3B%3CSPAN%3EAuthNegotiateDelegateWhitelist%20is%20not%20working%20in%20Edge%20or%20I%20can't%20find%20the%20correct%20place%20in%20the%20Registry%20to%20put%20it.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-536086%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-536086%22%20slang%3D%22en-US%22%3EEdge%20reads%20policies%20from%20the%20keys%20under%20HKEY_LOCAL_MACHINE%5CSOFTWARE%5CPolicies%5CMicrosoft%5CEdge%5C%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-536119%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-536119%22%20slang%3D%22en-US%22%3EI've%20tried%20putting%20it%20there%2C%20but%20it%20does%20not%20work.%20If%20Edge%20is%20running%20the%20complete%20Chromium%20code-base%2C%20why%20do%20these%20not%20work%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-657237%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-657237%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317600%22%20target%3D%22_blank%22%3E%40soundman_ok%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EVery%20interested%20in%20understanding%20this%20as%20well.%26nbsp%3B%20Have%20observed%20all%20the%20same%20things%20mentioned%20by%20the%20others%20in%20this%20thread%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-658043%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-658043%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F351640%22%20target%3D%22_blank%22%3E%40perrin42%3C%2FA%3E%26nbsp%3BPlease%20provide%20more%20specific%20details%20of%20what%20exactly%20you're%20seeing.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-658090%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-658090%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317619%22%20target%3D%22_blank%22%3E%40ericlaw%3C%2FA%3E%26nbsp%3BWe%20have%20the%20policy%20set%20in%20GPO%20and%20it%20shows%20up%20in%20Chrome%2C%20but%20again%2C%20this%20is%20not%20working%20in%20Edge%20(Chromium).%20In%20fact%2C%20in%20Edge%20there%20is%20no%26nbsp%3Bchrome%3A%2F%2Fpolicy%20(using%20that%20in%20Edge%20translates%20to%20edge%3A%2F%2Fpolicy%2C%20but%20does%20not%20exist)%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CH1%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%20id%3D%22toc-hId-1899517787%22%3E%3CSPAN%3EHmmm%E2%80%A6%20can't%20reach%20this%20page%3C%2FSPAN%3E%3C%2FH1%3E%3CP%3EIt%20looks%20like%20the%20webpage%20at%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3Eedge%3A%2F%2Fpolicy%2F%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Emight%20be%20having%20issues%2C%20or%20it%20may%20have%20moved%20permanently%20to%20a%20new%20web%20address.%3C%2FP%3E%3CDIV%3E%3CDIV%3E%3CDIV%3E%3CDIV%3E%3CDIV%20class%3D%22error-code%22%3EERR_INVALID_URL%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-659600%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-659600%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317619%22%20target%3D%22_blank%22%3E%40ericlaw%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20Eric.%3C%2FP%3E%3CP%3ESo%20we%20have%20GPO%20applying%20policy%20to%20Chrome%20setting%20AuthServerWhitelist%20to%20*.domain1.com%20and%20*.domain2.com%3C%2FP%3E%3CP%3EChrome%20will%20not%20prompt%20for%20credentials%20when%20hitting%20those%20domains.%3C%2FP%3E%3CP%3EDoing%20the%20same%20in%20Edge%20is%20also%20great.%3C%2FP%3E%3CP%3ETrying%20it%20in%20EdgeDev%20and%20these%20policies%20are%20not%20being%20observed%20and%20credential%20prompt%20pops.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETrying%20your%20suggested%20command%20line%20does%20work%20for%20EdgeDev%20which%20is%20a%20great%26nbsp%3Bstart%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Emsedge.exe%20--auth-server-whitelist%3D%22***.domain1.com%22%20--auth-negotiate-delegatewhitelist%3D%22***.domain1.com%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20the%20questions.%26nbsp%3B%3C%2FP%3E%3CP%3E1)%20How%20can%20I%20apply%20this%20in%20policy%20rather%20than%20command%20line%3F%3C%2FP%3E%3CP%3ERegistry%20shows%20we%20have%20this%20path%3C%2FP%3E%3CP%3EComputer%5CHKEY_LOCAL_MACHINE%5CSOFTWARE%5CPolicies%5CMicrosoft%5CMicrosoftEdge%3C%2FP%3E%3CP%3EBut%20you%20have%20suggested%3C%2FP%3E%3CP%3EComputer%5CHKEY_LOCAL_MACHINE%5CSOFTWARE%5CPolicies%5CMicrosoft%5CEdge%3C%2FP%3E%3CP%3EWell%20there%20is%20nothing%20set%20here%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2)%20From%20the%20command%20line%20how%20do%20I%20list%20domain2.com%20to%20be%20allowed%20as%20well%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-660610%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-660610%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F351640%22%20target%3D%22_blank%22%3E%40perrin42%3C%2FA%3E%26nbsp%3BHow%20are%20you%20verifying%20that%20the%20command%20line%20is%20working%20for%20you%3F%20I%20just%20tried%20it%20and%20it%20does%20not%20work%20us.%20Our%20scenario%20is%20we%20do%20some%202-hop%20authentication%2C%20our%20IIS%20server%20scans%20folders%20on%20a%20file%20server%20using%20the%20current%20user's%20credentials.%20Works%20great%20in%20IE%20and%20Chrome%2C%20but%20in%20Edge%20(Chromium)%2C%20this%20does%20not%20work.%20Using%20either%20of%20these%20command%20lines%2C%20this%20still%20fails%20for%20us%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Emsedge.exe%20--auth-server-whitelist%3D%22***.pridedallas.com%22%20--auth-negotiate-delegatewhitelist%3D%22***.pridedallas.com%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Emsedge.exe%20--auth-server-whitelist%3D%22*%22%20--auth-negotiate-delegatewhitelist%3D%22*%22%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-672095%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-672095%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317619%22%20target%3D%22_blank%22%3E%40ericlaw%3C%2FA%3E%26nbsp%3B%20Will%20there%20be%20a%20way%20to%20set%20auth%20whitelists%20for%20Edge%20Mac%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-672187%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-672187%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F50052%22%20target%3D%22_blank%22%3E%40Keith%20Davis%3C%2FA%3E%26nbsp%3B%3CSTRONG%3E--auth-server-whitelist%26nbsp%3B%3C%2FSTRONG%3Eappears%20to%20be%20a%20supported%20command%20line.%20I%20do%20not%20see%20any%20command%20line%20argument%20for%26nbsp%3B%3CSTRONG%3E--auth-negotiate-delegate-whitelist%26nbsp%3B%3C%2FSTRONG%3Ein%20the%20Chromium%20sources%3B%20I%20do%20see%20a%20profile%20preference%20with%20a%20similar%20name%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20id%3D%22c11%22%20class%3D%22stx-plain%22%3E%3CSPAN%20class%3D%22stx-line%22%3E%3CSPAN%20class%3D%22stx-comment%22%3E%2F%2F%20Whitelist%20containing%20servers%20Chrome%20is%20allowed%20to%20do%20Kerberos%20delegation%3C%2FSPAN%3E%0A%3C%2FSPAN%3E%3CSPAN%20class%3D%22stx-line%22%3E%3CSPAN%20class%3D%22stx-comment%22%3E%2F%2F%20with.%3C%2FSPAN%3E%0A%3C%2FSPAN%3E%3CSPAN%20class%3D%22stx-line%22%3E%3CSPAN%20class%3D%22stx-keyword%22%3Econst%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22stx-keyword%22%3Echar%3C%2FSPAN%3E%20%3CA%20class%3D%22f-b%22%20href%3D%22https%3A%2F%2Fcs.chromium.org%2Fchromium%2Fsrc%2Fchrome%2Fcommon%2Fpref_names.cc%3Fl%3D1718%26amp%3Bgs%3Dkythe%25253A%25252F%25252Fchromium.googlesource.com%25252Fchromium%25252Fsrc%25253Flang%25253Dc%2525252B%2525252B%25253Fpath%25253Dsrc%25252Fchrome%25252Fcommon%25252Fpref_names.cc%252523Qx3EpvIQMBXfhs_4c2psdVQ9p_OQyQdhkmHmJ0-MR1M%26amp%3Bgsn%3DkAuthNegotiateDelegateWhitelist%26amp%3Bct%3Dxref_usages%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EkAuthNegotiateDelegateWhitelist%3C%2FA%3E%5B%5D%20%3D%0A%3C%2FSPAN%3E%3CSPAN%20class%3D%22stx-line%22%3E%20%20%20%20%3CSPAN%20class%3D%22stx-string%22%3E%22auth.negotiate_delegate_whitelist%22%3C%2FSPAN%3E%3B%3C%2FSPAN%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-672376%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-672376%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F50052%22%20target%3D%22_blank%22%3E%40Keith%20Davis%3C%2FA%3E%26nbsp%3BIf%20I%20hit%20an%20intranet%20on-premises%20SharePoint%202010%20Teamsite%20launching%20EdgeDev%20normally%20I%20get%20prompted%20for%20credentials.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20I%20launch%20EdgeDev%20with%20the%20previously%20mentioned%20commandline%20then%20I%20am%20not%20prompted.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-673691%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-673691%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317619%22%20target%3D%22_blank%22%3E%40ericlaw%3C%2FA%3E%26nbsp%3BI%20actually%20did%20not%20think%20that%20--auth-negotiate-delegate-whitelist%20was%20an%20option%2C%20I%20was%20going%20based%20on%20previous%20comments.%20I%20know%20that%20it%20works%20in%20the%20Registry%2C%20but%20again%2C%20I%20can't%20make%20that%20work%20with%20Edge.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-673693%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-673693%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F351640%22%20target%3D%22_blank%22%3E%40perrin42%3C%2FA%3E%26nbsp%3BAh%2C%20yes%2C%20that%20is%20the%20result%20of%26nbsp%3B--auth-server-whitelist%2C%20not%26nbsp%3B--auth-negotiate-delegate-whitelist.%20We%20don't%20need%20the%20first%20one%2C%20the%20second%20one%20is%20what%20need%20(for%202-hop%20auth).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-709256%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-709256%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317600%22%20target%3D%22_blank%22%3E%40soundman_ok%3C%2FA%3E%26nbsp%3BRejoice%20as%20the%20policies%20are%20coming%20for%20GPO%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FDiscussions%2FEarly-preview-of-Microsoft-Edge-group-policies%2Fm-p%2F693929%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FDiscussions%2FEarly-preview-of-Microsoft-Edge-group-policies%2Fm-p%2F693929%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWill%20make%20edge%3A%2F%2Fpolicy%20reflect%20the%20settings%20set%20as%20well.%3C%2FP%3E%3CP%3EIncludes%20most%20of%20the%20Chrome%20settings%20though%20it%20is%20early%20days%20and%20does%20not%20all%20apply%20to%20the%20DEV%20builds%20available%20at%20the%20moment%20you%20can%20start%20playing%20now.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-715627%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-715627%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F351640%22%20target%3D%22_blank%22%3E%40perrin42%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20works!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-721565%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-721565%22%20slang%3D%22en-US%22%3E%3CP%3EI%20know%20this%20discussion%20is%20focused%20on%20Windows%20but%20I%20have%20the%20same%20question%2Frequest%20for%20Mac.%20On%20our%20company%20Macs%2C%20we%20have%26nbsp%3B%3CSTRONG%3E%3CSPAN%3Edefaults%20read%20com.google.Chrome%20AuthServerWhitelist%20%E2%80%9C*.companyurl.com%E2%80%9D%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20an%20equivalent%20for%20MacOS%20Edge%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317600%22%20target%3D%22_blank%22%3E%40soundman_ok%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317619%22%20target%3D%22_blank%22%3E%40ericlaw%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-724087%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-724087%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F317619%22%20target%3D%22_blank%22%3E%40ericlaw%3C%2FA%3E%26nbsp%3BThanks.%20I%20tried%20both%20com.microsoft.Edge%20and%20com.google.Edge%20to%20set%20AuthServerWhitelist%20and%20it%20did%20not%20stick.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEdit%3A%20I%20take%20it%20back.%20com.microsoft.Edge%20and%20com.microsoft.Edge.Canary%20work%20fine.%20I%20just%20had%20some%20issues%20with%20one%20specific%20intranet%20site%2C%20but%20others%20seem%20to%20be%20taking%20the%20SSO%20just%20fine.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-722095%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-722095%22%20slang%3D%22en-US%22%3E%3CP%3EEdge%20on%20Mac%20also%20supports%20policy.%20I'd%20probably%20start%20by%20trying%20just%20com.microsoft.Edge.AuthServerWhitelist%20and%20if%20that%20doesn't%20work%20I%20can%20ask%20around.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-725687%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-725687%22%20slang%3D%22en-US%22%3EAlso%2C%20I%20do%20want%20to%20point%20out%20that%20we%20changed%20the%20name%20of%20this%20policy%20from%20Chromium%20to%20AuthServerAllowlist.%20%3CBR%20%2F%3E%3CBR%20%2F%3EFrom%20your%20edit%2C%20it%20sounds%20like%20you%20have%20discovered%20this%20if%20the%20policies%20were%20working%20for%20you%2C%20but%20I%20wanted%20to%20point%20this%20difference%20out.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-763973%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-763973%22%20slang%3D%22en-US%22%3EThanks!!%20Applied%20it%20with%20the%20new%20name%20too.%20All%20good%20%3Athumbs_up%3A%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-818288%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-818288%22%20slang%3D%22en-US%22%3EDo%20you%20mind%20sharing%20a%20sample%20plist%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-934661%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-934661%22%20slang%3D%22en-US%22%3E%3CP%3EStarting%20in%20Canary%2079.0.307.0%2C%20and%20now%20also%20in%20the%20Dev%20channel%20as%20of%20today%2C%20this%20is%20no%20longer%20working%20for%20us!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FDiscussions%2FWindows-Authentication-Not-Working-Canary-amp-Dev%2Fm-p%2F918793%2Fhighlight%2Ftrue%23M14286%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FDiscussions%2FWindows-Authentication-Not-Working-Canary-amp-Dev%2Fm-p%2F918793%2Fhighlight%2Ftrue%23M14286%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-983718%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-983718%22%20slang%3D%22en-US%22%3Ebroken%20for%20me%20too%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1118712%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1118712%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F342627%22%20target%3D%22_blank%22%3E%40mkruger%3C%2FA%3E%26nbsp%3B-%20Thanks.%26nbsp%3B%20This%20'hint'%20lead%20me%20to%20realize%20the%20same%20is%20true%20of%20AuthNegotiateDelegateWhitelist.%26nbsp%3B%20Edge%20Chromium%20is%20looking%20for%20AuthNegotiateDelegateAllowlist%20in%20Computer%5CHKEY_LOCAL_MACHINE%5CSOFTWARE%5CPolicies%5CMicrosoft%5CEdge.%26nbsp%3B%20Once%20my%20companie's%20domain%20suffix%20was%20added%20to%20that%20key%20in%20that%20location%2C%20pass-through%20authentication%20from%20chromium%20Edge%20through%20SSRS%202017%20to%20SQL%202017%20began%20to%20work%20as%20expected.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1120630%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1120630%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F525980%22%20target%3D%22_blank%22%3E%40MFoster5879%3C%2FA%3E%20great%2C%20I'm%20glad%20this%20helped.%20We%20are%20also%20working%20on%20some%20documentation%20around%20this%20and%20I%20will%20try%20and%20update%20this%20conversation%20when%20ready.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1172755%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1172755%22%20slang%3D%22en-US%22%3E%3CP%3ETake%20a%20look%20at%20this%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fproviding.tips%2F2020%2F02%2F13%2Fmicrosoft-teams-edge-chromium-heres-how-to-get-rid-of-those-annoying-additional-logins%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fproviding.tips%2F2020%2F02%2F13%2Fmicrosoft-teams-edge-chromium-heres-how-to-get-rid-of-those-annoying-additional-logins%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1173163%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1173163%22%20slang%3D%22en-US%22%3EHrm.%20It's%20worth%20mentioning%20that%20adding%20a%20URL%20manually%20as%20suggested%20in%20that%20%22providing.tips%22%20article%20turns%20off%20the%20default%20behavior%2C%20which%20is%20to%20respect%20the%20Intranet%20Zone.%20So%2C%20if%20this%20URL%20is%20in%20your%20Intranet%20zone%2C%20it%20should%20be%20authenticating%20automatically.%20By%20setting%20this%20policy%20directly%20in%20this%20way%2C%20you're%20likely%20to%20cause%20yourself%20a%20bunch%20of%20other%20problems%2C%20because%20it%20will%20ensure%20that%20none%20of%20your%20other%20Intranet%20URLs%20automatically%20authenticate%20any%20longer.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsource.chromium.org%2Fchromium%2F_%2Fchromium%2Fchromium%2Fsrc%2Fout%2F%2B%2F0309b2d58b48f0c0dc0bfbe73512b793eff3ff2c%3Awin-Debug%2Fgen%2Fcomponents%2Fpolicy%2Fproto%2Fchrome_settings_full_runtime.proto%3Bl%3D2121%3ForiginalUrl%3Dhttps%3A%252F%252Fcs.chromium.org%252F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsource.chromium.org%2Fchromium%2F_%2Fchromium%2Fchromium%2Fsrc%2Fout%2F%2B%2F0309b2d58b48f0c0dc0bfbe73512b793eff3ff2c%3Awin-Debug%2Fgen%2Fcomponents%2Fpolicy%2Fproto%2Fchrome_settings_full_runtime.proto%3Bl%3D2121%3ForiginalUrl%3Dhttps%3A%252F%252Fcs.chromium.org%252F%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1213886%22%20slang%3D%22en-US%22%3ERe%3A%20Integrated%20Authorization%20for%20Intranet%20Sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1213886%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F342627%22%20target%3D%22_blank%22%3E%40mkruger%3C%2FA%3E%26nbsp%3BI%20have%20a%20new%20Mac%20and%20I%20installed%20Edge%20stable%2Fprod%20release.%20I%20applied%20the%20following%20but%20the%20SSO%20prompt%20keeps%20coming%20~once%20a%20day.%20Anything%20else%20I%20need%20to%20do%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22edge_policy.png%22%20style%3D%22width%3A%20443px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F175652i53BA2E108F161E6C%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22edge_policy.png%22%20alt%3D%22edge_policy.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Chromium supports Integrated Authentication; as well as IE11 and Edge (current), so that users can authenticate to an Intranet server without having to prompt the user to login.  Our intranet URLs are specified in IE's Internet Properties as Local Intranet sites.  Will the new Edge also allow this functionality?

33 Replies
Highlighted

@perrin42 

 

It works!

 

 

Highlighted

I know this discussion is focused on Windows but I have the same question/request for Mac. On our company Macs, we have defaults read com.google.Chrome AuthServerWhitelist “*.companyurl.com”

 

Is there an equivalent for MacOS Edge? 

 

@soundman_ok @ericlaw 

Highlighted

Edge on Mac also supports policy. I'd probably start by trying just com.microsoft.Edge.AuthServerWhitelist and if that doesn't work I can ask around.

Highlighted

@ericlaw Thanks. I tried both com.microsoft.Edge and com.google.Edge to set AuthServerWhitelist and it did not stick. 

 

Edit: I take it back. com.microsoft.Edge and com.microsoft.Edge.Canary work fine. I just had some issues with one specific intranet site, but others seem to be taking the SSO just fine. 

Highlighted
Also, I do want to point out that we changed the name of this policy from Chromium to AuthServerAllowlist.

From your edit, it sounds like you have discovered this if the policies were working for you, but I wanted to point this difference out.
Highlighted
Thanks!! Applied it with the new name too. All good :thumbs_up:
Highlighted
Do you mind sharing a sample plist?
Highlighted

Starting in Canary 79.0.307.0, and now also in the Dev channel as of today, this is no longer working for us!

 

https://techcommunity.microsoft.com/t5/Discussions/Windows-Authentication-Not-Working-Canary-amp-Dev...

Highlighted
broken for me too
Highlighted

@mkruger - Thanks.  This 'hint' lead me to realize the same is true of AuthNegotiateDelegateWhitelist.  Edge Chromium is looking for AuthNegotiateDelegateAllowlist in Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge.  Once my companie's domain suffix was added to that key in that location, pass-through authentication from chromium Edge through SSRS 2017 to SQL 2017 began to work as expected.

Highlighted
@MFoster5879 great, I'm glad this helped. We are also working on some documentation around this and I will try and update this conversation when ready.
Highlighted
Hrm. It's worth mentioning that adding a URL manually as suggested in that "providing.tips" article turns off the default behavior, which is to respect the Intranet Zone. So, if this URL is in your Intranet zone, it should be authenticating automatically. By setting this policy directly in this way, you're likely to cause yourself a bunch of other problems, because it will ensure that none of your other Intranet URLs automatically authenticate any longer.

https://source.chromium.org/chromium/_/chromium/chromium/src/out/+/0309b2d58b48f0c0dc0bfbe73512b793e...
Highlighted

@mkruger I have a new Mac and I installed Edge stable/prod release. I applied the following but the SSO prompt keeps coming ~once a day. Anything else I need to do? 

 

 

edge_policy.png