Okta IWA Web agent installation prerequisites

The following are the prerequisites for installing the Okta IWA Web agent:

  • The Okta AD agent must be installed and configured, and Delegated Authentication must be enabled, before you can configure IWA DSSO. See Manage your Active Directory integration.
  • Make sure that port 80 (for HTTP) and port 443 (for HTTPS) are open for inbound traffic on the server that hosts the Okta IWA Web agent.

    Note: Okta strongly recommends that you enable SSL.

  • Windows Server 2012, Windows Server 2016, Windows Server 2019, or Windows Server 2022.

  • .NET 4.6.2 (minimum) up to .NET 4.7.x and ASP.NET 4.7. If you have a lower version of .NET, upgrade to 4.6.2 or higher.
  • To improve the security of our integrations, we now only communicate using the TLS 1.2 security protocol. Ensure you are running .NET Framework 4.6.2 or later so the AD agent installs correctly.

  • IIS 7.5 or higher must be installed on the server. If the required IIS version is not installed, the installer quits and you receive an error message.
  • AD Agent 3.0.4.x or higher. The Okta AD agent does not have to be on the same server that hosts the Okta IWA Web agent.
  • If your enterprise has more than one domain, see Configure the Okta IWA Web agent Universal Principal Name.
  • The IWA agent doesn't require any extra privileges beyond the default permissions the user inherits from the Domain Users group. However, note the following:

    • The installer configures some additional local permissions for the service account to allow it to access the web-application files.
    • The IWA agent requires read and execute permissions for files in C:\inetpub\wwwroot\IWA.
    • If you want to use an existing account, ensure that:
      • the account is active and the password never expires
      • the account has read and execute permissions for the C:\inetpub\wwwroot\IWA directory and its content
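
The following preflight script is an added example, not part of the Okta installer or documentation. It checks the OS, .NET and IIS prerequisites above from the registry on the target server and, if the ActiveDirectory PowerShell module is present, checks the existing-account conditions. The `$ServiceAccount` parameter is a hypothetical name introduced for this example.

```powershell
# Added example: preflight check for the prerequisites listed above.
# $ServiceAccount is a hypothetical parameter (sAMAccountName of an existing
# account you plan to reuse); omit it to skip the account checks.
param([string]$ServiceAccount)

$results = [ordered]@{}

# OS: Windows Server 2012 reports version 6.2; ProductType 1 is a workstation.
$os = Get-CimInstance Win32_OperatingSystem
$results['Windows Server 2012 or later'] = ($os.ProductType -ne 1) -and ([version]$os.Version -ge [version]'6.2')

# .NET Framework: the Release DWORD is 394802 or higher for 4.6.2 and later.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
$results['.NET Framework 4.6.2 or later'] = [bool]($ndp -and $ndp.Release -ge 394802)

# IIS: the installer quits if IIS is older than 7.5, so check before running it.
$iis = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\InetStp' -ErrorAction SilentlyContinue
$iisVersion = if ($iis) { [version]"$($iis.MajorVersion).$($iis.MinorVersion)" } else { [version]'0.0' }
$results['IIS 7.5 or later'] = $iisVersion -ge [version]'7.5'

# Existing account: must be active and have a password that never expires.
if ($ServiceAccount -and (Get-Module -ListAvailable ActiveDirectory)) {
    $user = Get-ADUser -Identity $ServiceAccount -Properties Enabled, PasswordNeverExpires
    $results["Account '$ServiceAccount' is active"] = [bool]$user.Enabled
    $results["Account '$ServiceAccount' password never expires"] = [bool]$user.PasswordNeverExpires
}

# Report each check and return a non-zero exit code if any prerequisite fails.
$results.GetEnumerator() | ForEach-Object {
    '{0,-60} {1}' -f $_.Key, $(if ($_.Value) { 'PASS' } else { 'FAIL' })
}
if (@($results.Values) -contains $false) { exit 1 }
```

The script does not test inbound reachability of ports 80 and 443; verify that from a client machine, for example with `Test-NetConnection`.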