Create an Microsoft IIS IWA application

During this task we will create the required Microsoft IIS IWA application in Access Gateway.

Sign in to the Access Gateway Admin UI console.
Click the Applications tab.
Click +Add to add a new application.
Select Microsoft IIS IWA from the left column menu, and click Create.
Note
If the Microsoft IIS, OWA, or Sharepoint IWA applications are disabled, ensure that there is a valid Kerberos service configured in settings.

If required, expand the Essentials pane and enter:

Field	Value
Label	The name of the application, as shown in your Okta Tenant. For example:Microsoft IIS Application
Public Domain	The externally facing URL of the application. For example: https://iis.idaasgateway.net
Protected Web Resource	Fully qualified URL to the Microsoft backing application.
Group	The group containing users who can access the application.

Important

While optional, Okta recommends that all applications include certificates.
See About Access Gateway certificates for general information about certificate.
See Certificate management tasks for a general task flow for obtaining and assigning certificates.

Expand the Certificates tab.
Note
By default a wild card self signed certificate is created and assigned to the application when the application is initially created.
Optional. Click Generate self-signed certificate

A self-signed certificate is created and automatically assigned to the application.
Optional. Select an existing certificate from the list of provided certificates.
Use the Search field to narrow the set of certificates by common name.
Use the page forward (>)and backward(<) arrows to navigate through the list of available certificates.
Click Next
In the Application pane, enter:
Field Value
Kerberos Realm Enter the name of the associated realm
Click Next.
In the Attributes pane:
1. Click Add attribute to add an attribute what corresponds to sAMAccountName.
2. Verify he following:
  Field Value
  Data Source
  IDP
  Field
  IDP attribute that correlates with the users sAMAccountName
  Type
  Header
  name iwa_usename
3. Click Save.
Click Done.

Field	Value
Kerberos Realm	Enter the name of the associated realm

Field	Value
Data Source	IDP
Field	IDP attribute that correlates with the users sAMAccountName
Type	Header
name	iwa_usename

The application is added and the Application list page is displayed.

Next steps

Test Kerberos application