Configure browsers for single sign-on on Windows
Configuring the settings in Internet Explorer (IE) is enough, because Chrome recognizes these settings.
Note: Firefox and Edge are not supported.
There are three main steps involved in configuring the browsers on Windows:
- Enabling Integrated Windows Authentication (IWA) on the browsers.
- Adding Okta as a trusted site to the Local Intranet Zone in IE. The Okta URLs must include https://<myorg>.kerberos.<oktaorg>.com.
- Creating a Group Policy Object (GPO) to apply the setting on all your client machines.
- Enable IWA on the browsers:
  - In IE, click Tools > Internet options.
  - Click the Advanced tab, scroll down to Security, and select Enable Integrated Windows Authentication.
  - Click OK.
  Note: Make sure that IE can save session cookies (Internet options > Privacy tab). If it cannot, neither SSO nor standard sign-in can work.
- Configure the Local Intranet Zone to trust Okta:
  - In IE, click Tools > Internet options, and then click the Security tab.
  - Click Local Intranet > Sites > Advanced and add the URL for your Okta org that you configured in Add the SPN. For example: https://<myorg>.kerberos.<oktaorg>.com.
  - Click Close, and then click OK on the other configuration options.
- Create a GPO to apply the settings to all client machines using Agentless DSSO.
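To confirm on a client machine that the steps above took effect, the following read-only audit script is an added example, not Okta's own tooling. It assumes Windows PowerShell 5.1, that the IWA checkbox is stored in the per-user EnableNegotiate registry value, and that the GPO uses the "Site to Zone Assignment List" policy; the function names are illustrative.

```powershell
# Added audit example, not Okta tooling. Run in Windows PowerShell 5.1 as the
# signed-in user whose browser settings should be checked.
param(
    # The Okta URL you added to the Local Intranet Zone (from "Add the SPN").
    [Parameter(Mandatory)] [string] $OktaUrl
)

# Assumption: IE stores the Advanced-tab IWA checkbox in this per-user value.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
# Assumption: the GPO uses the "Site to Zone Assignment List" policy (ZoneMapKey).
$policyKeys = 'HKCU', 'HKLM' | ForEach-Object {
    "${_}:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey"
}

function Get-IwaState {
    $v = (Get-ItemProperty -Path $inetKey -Name EnableNegotiate -ErrorAction SilentlyContinue).EnableNegotiate
    if ($null -eq $v) { 'NotSet' } elseif ($v -eq 1) { 'Enabled' } else { 'Disabled' }
}

function Get-EffectiveZone([string] $Url) {
    # Asks Windows which zone the URL resolves to, whatever configured it.
    [System.Security.Policy.Zone]::CreateFromUrl($Url).SecurityZone
}

function Get-PolicyZoneEntry([string] $Url) {
    $hostName = ([uri] $Url).Host
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { continue }
        $reg = Get-Item -Path $key
        foreach ($site in $reg.GetValueNames()) {
            # Policy entries may be wildcards such as https://*.example.com.
            $pattern = $site -replace '^[a-z]+://', '' -replace '/.*$', ''
            if ($hostName -like $pattern) {
                [pscustomobject]@{ Key = $key; Site = $site; Zone = $reg.GetValue($site) }
            }
        }
    }
}

$zone = Get-EffectiveZone $OktaUrl
[pscustomobject]@{
    Url             = $OktaUrl
    IWA             = Get-IwaState
    EffectiveZone   = $zone
    InLocalIntranet = ($zone -eq [System.Security.SecurityZone]::Intranet)
    PolicyEntries   = @(Get-PolicyZoneEntry $OktaUrl)
}
```

A correctly configured client reports InLocalIntranet as True and IWA as anything other than Disabled. An empty PolicyEntries list with InLocalIntranet True means the site was added by hand rather than by the GPO.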