Bypassing Edge SWG (ProxySG) authentication

I have an application that does not work with authentication

How do I bypass authentication so that my application works?

What are some strategies that can be used to bypass authentication for a workstation or application?

How do I use a different authentication scheme?

Sometimes there are applications (custom, in-house applications; specific vendor created applications, file sharing applications, and so forth), services, operating systems, update mechanisms, (all these will be referred to as applications throughout the rest of this document) and so forth that simply do not work with proxy style (HTTP 407) or content server style (HTTP 401) authentication requests.  These applications were not designed to deal with authentication.  Because these applications were not designed to deal with application, when the proxy prompts the application for authentication requests, the application will fail to function properly.  The end result will be a loss of productivity.

There may be certain applications that do not function properly when authentication is enforced.  So there are several strategies that can be used to help alleviate the problem.  This solution documents some of the strategies used to work around the problem.  This is not an all inclusive document.  There may be other ways to work around the problem.  This solution documents some of the more common ways to work around authentication issues. 

AUTHENTICATION BY IP ADDRESS

There are two options here.  You can

1. Not authenticate specific IP addresses or ranges and everything else will be authenticated.
2. Authenticate specific IP addresses or ranges and everything else will not be authenticated.

Generally authentication is enabled for all IP addresses and then a few workstations need to bypass authentication.  Please see article Bypassing Edge SWG (ProxySG) authentication by using IP addresses for instructions on how to bypass authentication by IP address.

BYPASSING AUTHENTICATION BY USER AGENT

Many applications that use the web have a user agent.  If a particular application is having problems authenticating and that application has a unique user agent, please see An application is not working with authentication on Edge SWG (ProxySG) or ASG for instructions on how to bypass authentication for a specific user agent.

BYPASSING AUTHENTICATION BY DESTINATION URL

Sometimes a URL may be particularly troublesome.  A common example is when IWA authentication is used and the URL is a remote Microsoft Exchange server in a different domain than the local domain, and no trust relationship exists between the two domains.  In this kind of a scenario, bypassing authentication to that remote webmail server may be the solution.  Please see Bypassing authentication on the Edge SWG (ProxySG) based on the destination URL for instructions on how to bypass authentication based on URL.