Install and configure the Okta IWA Web agent for Desktop Single Sign-on

Okta IWA is a lightweight Internet Information Services (IIS) web agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. that enables Desktop Single Sign-on (DSSO) on the Okta service. Desktop SSO allows users to be automatically authenticated by Okta and any apps accessed through Okta, whenever they sign into your Windows network. The Okta IWA Web agent uses Microsoft's IWA and ASP.NET to authenticate users from specified gateway IPs. 


You must have installed and configured the Okta AD agent and Delegated AuthenticationAuthentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. Authentication methods and protocols include direct auth, delegated auth, SAML, SWA, WS-Fed, and OpenID Connect. must be on before you can configure IWA Desktop SSO. For details, see Install and configure the Okta Active Directory agent


Optional tasks


Related topics

Network Zones and IWA

Configure Agentless Desktop SSO

Configure a custom error page

Install and configure the Okta Active Directory agent