Integrated Windows Authentication (IWA) enables you to log in to different services with the same credentials. To support IWA, some Avaya Aura® Web Gateway server administration is required. Users must be able to authenticate to the Avaya Aura® Web Gateway API using a preexisting authentication to a Windows domain. Avaya Aura® Web Gateway uses SPNEGO to negotiate authentication with the client and Kerberos to validate the authentication of the client user. User roles are retrieved normally through LDAP.

Use the following sections to complete IWA configuration on the Avaya Aura® Web Gateway and Active Directory servers. Errors in the setup might cause the authentication to fail. You can enable debug logs to assist with troubleshooting.

Avaya Aura® Web Gateway supports IWA for multiple domains. The User Principal Name (UPN) domain and the authentication domain must be the same as the root domain of the directory.