We're considering offering Safari (windows), Chrome, Firefox and Opera as optional browsers in our 2500 person organisation.
I'm just testing them out now and where IE auto-authenticates with our proxy server, all the other browsers (though I haven't tried Opera yet) won't do it. They give a logon box with the option to save passwords. This box pops up every time the browser is first loaded, and occasionally after that for some internal sites.
This is kind of annoying, but it really becomes an issue when a user resets their password. They end up opening their browser, hitting 'enter' like they're used to to log on, but the box reappears. So they hit enter again a couple of times, and hey presto, their account is locked out.
Is there any way around this?
I know of this NTLM work around for Firefox, but I am uncertain about the other browsers.
1) Open Firefox and type “about:config” in the address bar. (without the quotes of course)
2) In the ‘Filter’ field type the following “network.automatic-ntlm-auth.trusted-uris”
3) Double click the name of the preference that we just searched for
4) Enter the URLs of the sites you wish to pass NTLM auth info to in the form of:
5) Replace the entries with your own internal servers
Source with more detail: http://sivel.net/2007/05/firefox-ntlm-sso/
Of the alternatives you listed, I believe that Chrome is the only option which offers management by group policy, definitely something to consider when you're looking for a larger deployment. The issue of being able to use internal authentication has already been reported to google.
Our organization is the same, and the NTLM Firefox method works. The problem is, most of our internal sites only work properly in Internet Explorer... worse even, IE6.
What I've been doing is setting up FireFox to use IE Tab, then creating the custom sites filter list of internal sites, as well as show them how to do it themselves.
It's not more secure that way because IE is still being used, but it's more secure than using IE 100% of the time.