Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Use KDC policy to delegate credentials.
Supported versions
- Windows: Not supported
- macOS: ≥ 147
- Android: Not supported
- iOS: Not supported
Description
If you enable this policy, HTTP authentication honors approval from the Key Distribution Center (KDC). Microsoft Edge delegates user credentials to the requested service only when the KDC sets the OK-AS-DELEGATE flag on the service ticket, as defined in RFC 5896 (https://tools.ietf.org/html/rfc5896.html). The service must also be included in the AuthNegotiateDelegateAllowlist policy.
If you disable or don't configure this policy, Microsoft Edge ignores approval from the Key Distribution Center (KDC) on supported platforms and delegates credentials only to services specified in AuthNegotiateDelegateAllowlist.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: No
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- Boolean
Mac information and settings
- Preference Key name: AuthNegotiateDelegateByKdcPolicy
- Example value:
<true/>