Skip to main content
Documentation & User Guides | FotoWare

Integrated Windows Authentication and your choice of web browser

To facilitate SSO through the web browser when using (1) FotoWeb Authentication or (2) Windows Active Directory Authentication, Windows Integrated Authentication is used. Because this functionality is not available on non-Windows clients, SSO will not be available to users of these platforms when using these authentication mechanisms. If using a non-Windows client platform, consider using SAML authentication.

Below are instructions for configuring different Windows-based browsers to use Windows Integrated Authentication.

Internet Explorer, Edge and Google Chrome

These browsers all honor the Internet Settings in the Windows Control Panel. For SSO to work, the FotoWeb site needs to be added to the Local intranet zone, as shown in the screenshots.

Windows Internet Options.png

Windows Internet Options - add to local intranet zone.png

Firefox browser

You will need to add the FotoWeb site to the list of trusted URLs in Firefox.

To do so:

  1. Open Firefox and enter about:config in the address bar
    A warning will be shown; click on the I'll be careful button to proceed
  2. In the search/filter field type ntlm
  3. Set network.automatic-ntlm-auth.trusted-uris to the FotoWeb DNS name (e.g.
  4. Set network.automatic-ntlm-auth.allow-non-fqdn to True by right-clicking the Value column and selecting Toggle
  5. In the search/filter field type negotiate
  6. Set network.negotiate-auth.trusted-uris to the FotoWeb DNS name (e.g.
  7. Set network.negotiate-auth.allow-non-fqdn to True by right-clicking the Value column and selecting Toggle.
  8. Click OK if present
  9. Restart Firefox

Please note:

  • Steps 2-4 are only necessary if the client is not a member of the domain. This will enable the NTLM fallback mechanism to allow the client to authenticate with a username and password.
  • Steps 4 and 7 are only necessary if you're using a non-FQDN (such as a netbios name). When using a fully qualified domain name, these steps are not required-

macOS browsers

Integrated Windows Authentication requires Kerberos token support on the client. Please refer to the documentation for macOS and your browser vendor on how to establish Kerberos trust on macOS computers.