The following are the prerequisites for installing the Okta IWA Web agent:
- You must have installed and configured the Okta AD agent and Delegated Authentication must be enabled before you can configure IWA DSSO. See Manage your Active Directory integration.
- Make sure that port 80 (for HTTP) and port 443 (for HTTPS) are open for inbound traffic on the same server that hosts the Okta IWA Web agent.
Note: Okta strongly recommends that you enable SSL.
- Windows Server 2012, Windows Server 2016, Windows Server 2019, or Windows Server 2022.
- .NET 4.6.2 (minimum) up to .NET 4.7.x and ASP.NET 4.7. If you have a lower version of .NET, upgrade to 4.6.2 or higher.
To improve the security of our integrations, we now only communicate using the TLS 1.2 security protocol. Ensure you are running .NET Framework 4.6.2 or later so the AD agent installs correctly.
- IIS 7.5 or higher must be installed on the server. If the required IIS version is not installed, the installer quits and you receive an error message.
- AD Agent 3.0.4.x or higher. The Okta AD agent does not have to be on the same server that hosts the Okta IWA Web agent.
- If your enterprise has more than one domain, see Configure the Okta IWA Web agent Universal Principal Name.
The IWA agent doesn't require any extra privileges beyond the default permissions the user inherits from the Domain Users group. However, note the following:
- The installer configures some additional local permissions for the service account to allow it to access the web-application files.
- The IWA agent requires read and execute permissions for files in C:\inetpub\wwwroot\IWA.
- If you want to use an existing account, then ensure:
  - the account is active and the password never expires
  - the account has permissions to read and execute for the C:\inetpub\wwwroot\IWA directory and its content
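
A pre-flight check for the requirements listed above, as an added example that is not Okta's own tooling. The service account name is a hypothetical placeholder, and the ACL check only sees entries granted to the account directly, not rights inherited through group membership.

```powershell
# Added example: checks the host against the prerequisites on this page.
param(
    [string]$ServiceAccount = 'EXAMPLE\svc-okta-iwa',    # hypothetical placeholder
    [string]$IwaPath        = 'C:\inetpub\wwwroot\IWA'   # path given on this page
)

$results = [ordered]@{}

# Supported OS: Windows Server 2012, 2016, 2019 or 2022.
$os = (Get-CimInstance Win32_OperatingSystem).Caption
$results['Supported Windows Server'] = $os -match 'Server (2012|2016|2019|2022)'

# .NET Framework 4.6.2 or later: Release 394802 is the lowest 4.6.2 value.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' `
    -ErrorAction SilentlyContinue
$results['.NET Framework >= 4.6.2'] = [bool]($ndp -and $ndp.Release -ge 394802)

# IIS 7.5 or higher: the InetStp key exists only when IIS is installed.
$iis = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\InetStp' -ErrorAction SilentlyContinue
$results['IIS >= 7.5'] = [bool]($iis -and
    ([version]"$($iis.MajorVersion).$($iis.MinorVersion)" -ge [version]'7.5'))

# Existing account: explicit Allow ACE with ReadAndExecute on the IWA directory.
# The directory exists only after the agent is installed, so skip it otherwise.
if (Test-Path $IwaPath) {
    $rx = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    $aces = (Get-Acl $IwaPath).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -eq $ServiceAccount -and
        $_.FileSystemRights.HasFlag($rx)
    }
    $results["ReadAndExecute on $IwaPath"] = [bool]$aces
}

# Existing account: active, and password set to never expire.
# Needs the ActiveDirectory (RSAT) module; skipped when it is not available.
if (Get-Command Get-ADUser -ErrorAction SilentlyContinue) {
    $sam  = ($ServiceAccount -split '\\')[-1]
    $user = Get-ADUser -Identity $sam -Properties PasswordNeverExpires
    $results['Account is active']      = [bool]$user.Enabled
    $results['Password never expires'] = [bool]$user.PasswordNeverExpires
}

$results.GetEnumerator() | ForEach-Object {
    '{0,-45} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```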