Enable NTLM Single Sign On in Firefox

G14th May 2018

A simple procedure for enabling Single Sign On (SSO) in Firefox.

NTLM (NT LAN Manager) is a suite of Microsoft protocols that provide authentication, integrity and confidentiality for users. Although Microsoft has adopted Kerberos in modern versions of Windows server, NTLM is still used when authenticating to a workgroup. Those who use Firefox in a corporate environment will notice that they are prompted for a username and password when using internal web applications whereas Internet Explorer and Edge allow immediate access via Single Sign-On (SSO).

Firefox is also capable of NTLM SSO authentication. Here is the procedure for setting it up:

Step 1

Using the Firefox address bar, enter about:config. Click the “I accept the risk!” button.

Step 2

Use the search bar to locate network.negotiate-auth.trusted-uris. Double-click on the result.

Step 3

Enter the URLs or domains of the websites for which you want to enable NTLM SSO, as a string and separated by commas. Do not add trailing slashes. Inclusion of the protocol is optional.

An example:

https://intranet,private.mydomain.com.au,sharepoint,remedysso.internal.mydomain.com.au,http://help.desk

Press OK.

Restart Firefox.

Note:

There are actually several options for enabling Single Sign On in Firefox:

• network.negotiate-auth.trusted-uris lists the sites that are permitted to engage in SPNEGO authentication with the browser.
• network.negotiate-auth.delegation-uris lists the sites for which the browser may delegate user authorisation to the server.
• network.automatic-ntlm-auth.trusted-uris lists the trusted sites to use NTLM authentication.