Migrate from Integrated Windows Authentication to agentless Desktop Single Sign-on
To simplify user access management, Okta encourages you to move from Integrated Windows Authentication (IWA) to agentless Desktop Single Sign-on (ADSSO). Okta is no longer adding new IWA functionality and offers only limited support and bug fixes.
-
Set IWA as a failover option for ADSSO. See Configure failover for the Okta IWA Web agent.
-
Test your ADSSO configuration. See Test the agentless Desktop Single Sign-on configuration.
-
Make ADSSO active:
-
In the Admin Console, go to Security > Delegated Authentication.
-
Scroll to Agentless Desktop SSO and Silent Activation.
-
Click Edit and select On.
-
Scroll down and click Save.
-
-
Disable the Okta IWA agent:
-
In the Admin Console, go to Security > Delegated Authentication.
-
Scroll to On-Prem Desktop SSO.
-
Click Edit and select Off.
-
Scroll down and click Save.
-
-
Optional. Delete the Okta IWA agent:
-
In the Admin Console, go to Security > Delegated Authentication.
-
Scroll to On-Prem Desktop SSO.
-
Click Edit and scroll to the IWA Agents section.
-
Click Delete
and Delete Agent in the Delete IWA Agent dialog.
-
Optional. Repeat step d to delete additional Okta IWA agents.
-