Configuring IMSVA EUQ Single-Sign-On feature

The SSO feature of IMSVA helps users to access their EUQ web console without entering credentials every time they want to manage their quarantined mails.

To enable this feature you have to check the option “Enable NTLM” in the following menu: Administration -> End-User-Quarantine -> User Quarantine Access -> Single Sign On Configuration.

After saving this change the user just have to access the EUQ URL from the machine he is logged on to. In the example we are presenting here, the machine is a Windows XP, but you may see the following behavior in other Windows versions.

When you see this window pop-up, it means that your Internet Explorer is not still configured to support the SSO mechanisms, so you can just cancel this window as the SSO is still not working.

The following procedure applies to all Internet Explorer versions, however for IE 8 and 9 you have to perform an additional step that will be detailed later.

For the SSO feature to work correctly you need to add the EUQ URL to the Trusted Zones in Internet Explorer. After this change, you need to modify the following configuration in Internet Explorer.

Tools -> Internet Options -> Security

Now select “Trusted Sites” and click the “Custom level” button. In the options window select:

User Authentication -> Logon -> Automatic logon with current user name and password

Save these changes and close Internet Explorer. Now open the EUQ URL again and you’ll be automatically logged in to the console without entering any credentials.

In Windows 7 with IE 8 or 9 you need to apply an extra step to fully enable the SSO service. You have to change the local security policy to allow the use of NTLMv1 which is the one used by IMSVA; IE 8 and 9 use NTLMv2 by default.

You can make this change in Windows 7 under:

Control Panel -> Administrative Tools -> Local Security Policy

In the local security policy go to:

Local policies -> Security options -> Network security: LAN Manager authentication level

Now change the value to “NTLM only”.

After this change the EUQ console will log the user without requesting for any credentials.

With these steps you’ll have the IMSVA SSO feature fully functional.

 

For more information about the rules to create, transmit and process an email you can check out our publication on The SMTP Protocol Fundamentals.

Remember to send us your questions and comments to our Twitter account:@redinskala where you can find more information and security tips.

Thanks for your visit!