I have been tasked with researching the feasibility of setting up MWG to perform integrated authentication (with no prompts) for clients accessing the Internet via MWG with the goal of logging usernames against web accesses without requiring the user to actually enter credentials.
Web traffic is handled via WCCP. Direct proxy is not a corporate standard and would not be a supported solution.
Prompting for authentication is not currently an option.
Before I spend a lot of time trying to make this work, I'd like to find out if it's theoretically possible in an environment that uses IE, Chrome and Firefox.
I was going to write up some of my recent experiences, but support already hit that nail on the head quite well. They have a section on WCCP and authentication in the best practices guide: . That covers the MWG configuration and the modifications needed in browsers.
Of note, there is a line on changing the authentication server to redirect to a hostname instead of the proxy IP. That simplifies management and makes things work better; you can have one entry in the browser settings instead of separate settings for each proxy IP. Also, if a user's machine is not on the domain they will be prompted by hostname, not IP, which humans seem to trust more.