Skip to main content
Skyhigh Security

SSO process in proxy and non-proxy modes

The steps in the SSO process depend on whether the user's credentials are submitted to the cloud application directly (non-proxy mode) or through Web Gateway (proxy or inline mode).

In proxy and non-proxy modes, Web Gateway authenticates the user, then presents the launchpad. The launchpad displays icons corresponding to the cloud applications the user is allowed to access. The SSO process appears the same to the user in both modes:

  1. From a web browser on a client of Web Gateway, the user requests a launchpad.
  2. After authenticating the user, Web Gateway sends a launchpad.
  3. To open an application, the user clicks the icon corresponding to the application on the launchpad.
  4. Web Gateway sends a logon form to the user.
  5. If requesting access for the first time, the user is prompted for credentials, which the user provides and submits to Web Gateway. If requesting access for a second or later time, the logon form is automatically filled with the user's credentials and submitted to Web Gateway.
  6. If the credentials are valid, the user is allowed SSO access to the cloud application.

Proxy mode

In proxy mode, Web Gateway forwards the user's credentials to the cloud application.
clipboard_eb5cf96bc26b6d3817ab22b7957e34c1a.png

When single sign-on takes place in proxy mode, Web Gateway can provide additional functionality that is not available in non-proxy mode:

  • Dynamic cloud applications — Web Gateway can support HTTP cloud applications that provide logon page information dynamically, such as DropBox, by adding Javascript to the logon page. The Javascript completes the fields on the page with information.
  • Encrypted password — The password is encrypted and hidden from the client computer.

Non-proxy mode

In non-proxy mode, the user's browser forwards the credentials to the cloud application.
clipboard_e79dfd8afe38a5f854aa5e7aa911598d8.png

NOTE: When single sign-on takes place in non-proxy mode, Web Gateway functions as a web server. When configuring your Domain Name Service and all SSO settings, you must use the IP address of the Web Gateway appliance in place of a host name.

  • Was this article helpful?