Validate the agentless Desktop Single Sign-on configuration

After configuring agentless DSSO, you can verify that everything is correctly configured.

  1. Sign in to a domain-joined, on-network device that is joined to the Active Directory environment on which you have enabled Agentless Desktop SSO. Ensure that you are logged in as a user that is already active in Okta.
  2. If you haven’t already, add your Okta environment to your Local Intranet settings.
    1. In a browser, open Options > Security.
    2. Click Local Intranet > Sites > Advanced and add the URL for your Okta org as configured in earlier steps. For example, https://<myorg>.kerberos.okta.com.
    3. Click Close and OK on the other configuration options.
  3. On a Windows machine, sign into your Okta org. If agentless DSSO is configured correctly, you will be automatically redirected to your end user apps dashboard without entering any credentials.
  4. Verify in the system log that the user authenticated through Agentless Desktop SSO. In your Okta org, you will see an entry for Authenticate user via IWA with no entries referring to an on-prem IWA server.

See also