site.local (now sitewithsplit.com) worked perfect earlier with SSO when it had a name from a local DNS server.
Now it’s been moved to DMZ (Internet IP), with a new name sitewithsplit.com. But it’s also accessible from the local net with a local IP. From the internal network sitewithsplit.com gets the internal IP. And from Internet it gets the public internet IP. This is from what I understand a spilt-dns configuration.
Should it be possible from the internal net (with an authenticated user) to use the integrated Windows Authentication (SSO)? And from outside not?
From what I’ve read, it should be possible to use the same SSO function (Integrated Windows Authentication) on sitewithsplit.com if it has a local IP. (Authenticated AD user on a Windows 10 computer running in local net).
sitewithsplit.com has been added to Trusted Sites in IE settings and Security Settings, Logon, select 'Automatic logon with current user name and password' is on. Before, it was in Intranet Zone.
Also, Settings > Internet Options.
Click the Advance tab.
Under the Security section enable the option for Enable Integrated Windows Authentication. Is on.
I test this in Internet Explorer and Edge. It should also work in Chrome.
When entering sitewithsplit.com it should automatically log in with an authenticated user with a machine connected to the local net. But I get prompted for username and password. So, my question is:
Is it possible to use Integrated Windows Authentication for sitewithsplit.com from local net. If not, then I think the best option is to manually log in.