I’ve been using Firefox as my “browser of choice” for around 15 years. I tend to prefer to use it for all sorts of reasons, but the main thing I expect is support for extensions. Not many of them, but … well, there’s a few!
There are two stumbling blocks for using Firefox in a corporate or enterprise setting. These are:
- NTLM or Kerberos Authentication for resources like Sharepoint and ADFS.
- Enterprise TLS certificates (usually deployed via GPO as part of the domain)
These are both trivially fixed in the about:config screen, but first you need to get past a scary looking warning page!
In the address bar, where it probably currently says
jon.sprig.gs, click in there and type
This brings you to a scary page!
Click the “Accept the Risk and Continue” (note, this is with Firefox 76. Wording with later or earlier versions may differ).
As if it wasn’t obvious enough from the previous screen, this “may impact performance and security”…
In the “Search preference name” type in
ntlm and find the line that says
Type in there the suffixes of any TRUSTED domains. For example, if your company uses the domain names of
big.company then you’d type in:
Any pages that you browse to, where they request NTLM authentication, will receive an NTLM set of credentials if prompted (same as IE, Edge, and Chrome already do!) NTLM is effectively a way to pass a trusted Kerberos ticket (a bit like your domain credentials) into a web page.
Next up, let’s get those pesky certificate errors removed!
This assumes that you have a centrally managed TLS Root Certificate, and the admins in your network haven’t just been dumping self signed certificates everywhere (nothing gets around that… just sayin’).
about:config, clear the search box and type
enterprise, like this!
Find the line
security.enterprise_roots.enabled and make sure it says
true. If it doesn’t double click it, so it does.
Now you can close your preferences page, and you should be fine to visit your internal source code repository, time sheeting system or sharepoint site, with almost no interruptions!
If you’ve been tasked for turning this stuff on in your estate of managed desktop environment machines, then you might find this article (on Autoconfiguration of Firefox) of use (but I’ve not tried it!)