Configure Agentless Desktop SSO - new implementations



The steps in this topic apply to Preview orgs that implement the Generally Available (GA) version of this feature as released in the 2019.09.0 Preview release. That is, you implement this feature after September 1, 2019. This functionality is not available in production orgs yet.

If you implemented the Early Access (EA) version of this feature for the first time before September 1, 2019 or want to deploy this to production, refer to the instructions in Configure Agentless Desktop SSO with Registry Keys (deprecated).

Desktop SSO (DSSO) is the functionality that allows users to be automatically authenticated by Okta, and any apps accessed through Okta, whenever they sign-in to your Windows network. It provides a superior user-experience as users don’t have to sign in multiple times.

Traditionally, enabling Desktop SSO required deploying IWA agents. Agentless desktop SSO eliminates the need to deploy IWA agents across Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. domains to enable DSSO. This enables you to have no maintenance overhead and also removes the burden of worrying about High Availability as Okta handles the KerberosKerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. validation. ClosedDiagram


Procedures that may apply to your environment