Configure Agentless Desktop SSO with Registry Keys (deprecated)



The steps in this topic apply to orgs that implemented the Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. version of this feature prior to the 2019.09.0 release. That is, you implemented this feature before August 30th, 2019. If you are implementing this feature for the first time after September 1, 2019 (after 2019.09.0), refer to the instructions in Configure Agentless Desktop Single Sign-on - new implementations.

Desktop SSO (DSSO) is the functionality that allows users to be automatically authenticated by Okta, and any apps accessed through Okta, whenever they sign-in to your Windows network. It provides a superior user-experience as users don’t have to sign in multiple times.

Traditionally, enabling Desktop SSO required deploying IWA agents. Agentless desktop SSO eliminates the need to deploy IWA agents across Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. domains to enable DSSO. This enables you to have no maintenance overhead and also removes the burden of worrying about High Availability as Okta handles the KerberosKerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. validation. ClosedDiagram


Procedures that may apply to your environment