Configure agentless Desktop Single Sign-on

With agentless Desktop Single Sign-on (DSSO), you don't need to deploy IWA agents in your Active Directory domains to implement DSSO functionality. This reduces or eliminates the maintenance overhead and provides high availability as Okta assumes responsibility for Kerberos validation.

Topics

• About the agentless Desktop Single Sign-on workflow
• About agentless Desktop Single Sign-on failover
• Create a service account and configure a Service Principal Name
• Configure browsers for Windows agentless Desktop Single Sign-on
• Configure browsers for Mac agentless Desktop Single Sign-on
• Enable agentless Desktop Single Sign-on
• Update the default Desktop Single Sign-on Identity Provider routing rule
• Validate the agentless Desktop Single Sign-on configuration
• Test the agentless Desktop Single Sign-on configuration