KB Article | Forcepoint Support

Notes & Warnings

Additional search terms: Why doesn't my Web-enabled application work?

Problem Description

While on our corporate network, end users are prompted to log in. This is true for end users using a PAC file as well as end users using the chained proxy deployment. Our corporate site is listed as a Proxied Connection, so Cloud service knows our location from its external IP address.
If our users are coming from a known location, then why is Cloud service requiring them to login?



There are a few possibilities as to why end users are prompted to provide login credentials.
  1. The external IP address, which end user uses to connect to the Internet, is not configured as a Proxied Connection on the Connections tab for their policy.
    • Disable proxy forwarding in your browser and use an external IP checking site to validate your external IP address. This static IP address should be added as a Proxied Connection.
    • Click here to identify your external IP address.
User-added image 
  1. It is possible the Access Control tab has the "Authenticate users on first access" option enabled. This always forces users to provide basic authentication credentials (an email address and password).
User-added image  
  1. If authentication is disabled on the Access Control tab, there could be one or more "exceptions" listed. Exceptions are Group or User specific. They inherently force users to provide credentials. The solution is to either:
    • Remove the exception, or
    • Enable authentication and NTLM identification via the Access Control tab

Keywords: authentication prompts; known location; pac file; proxy chaining; proxied connections; access control; authenticate users on first access; ntlm identification

Article Feedback

Thank you for the feedback and comments.