Create an Microsoft IIS IWA application
During this task we will create the required Microsoft IIS IWA application in Access Gateway.
- Sign in to the Access Gateway Admin UI console.
-
Click the Applications tab.
-
Click +Add to add a new application.
- Select Microsoft IIS IWA from the left column menu, and click Create.
Note
If the Microsoft IIS, OWA, or Sharepoint IWA applications are disabled, ensure that there is a valid Kerberos service configured in settings.
- If required, expand the Essentials pane and enter:
Field Value Label The name of the application, as shown in your Okta Tenant.
For example:Microsoft IIS ApplicationPublic Domain The externally facing URL of the application.
For example: https://iis.idaasgateway.netProtected Web Resource Fully qualified URL to the Microsoft backing application. Group The group containing users who can access the application. - Expand the Certificates tab.
Note
By default a wildcard self signed certificate is created and assigned to the application when the application is initially created.
- Optional. Click Generate self-signed certificate
A self-signed certificate is created and automatically assigned to the application. - Optional. Select an existing certificate from the list of provided certificates.
Use the Search field to narrow the set of certificates by common name.
Use the page forward (>)and backward(<) arrows to navigate through the list of available certificates. - Click Next
- In the Application pane, enter:
Field Value Kerberos Realm Enter the name of the associated realm - Click Next.
- In the Attributes pane:
Click Add attribute to add an attribute what corresponds to sAMAccountName.
- Verify he following:
Field Value Data Source
IDP
Field
IDP attribute that correlates with the users sAMAccountName
Type
Header
name iwa_username - Click Save.
- Click Done.

Important
While optional, Okta recommends that all applications include certificates.
See About Access Gateway certificates for general information about certificate.
See Certificate management tasks for a general task flow for obtaining and assigning certificates.
The application is added and the Application list page is displayed.