We have two locally installed IWA servers that use SSL with public certificates. When users go to mydomain.okta.com in IE or Chrome on their Windows 7/10 machines, they're automatically redirected to our Okta portal without having to login (we set the Okta portal as a home page via GPO). When we use Firefox, users get a Security Warning pop up that says "The information you have entered on this page will be sent over an insecure connection and could be read by a third party. Are you sure you want to send this information." If you click Continue, it logs you in to the Okta portal without requiring a log in (so I assume IWA is working correctly).

We did set NTLM, SPNEGO, and Allow Non FDQN info for Firefox via Group Policy and set the Home page to the Okta portal via GPO as well. (Doing that is the same as the going to about:config and setting the network.automatic-ntlm-auth.trusted-uris preference). If we remove the setting for the Home page in the GPO for Firefox and go to the site manually, we get the same error. I also tested it on an Ubuntu machine using Firefox (ie, not part of the domain and no Group Policy) and get the same pop up. Any way to get around it? It's not that big a deal to me and I'm happy hitting Continue, but I know that if I push this to users as is, they'll complain. Anyone know if there's a way to clear that message in Firefox so it just logs in without users having to hit Continue?