The Okta Administrative Account used during Okta IWA Agent installation must have Super admin permissions.
When you install the Okta IWA agent the IP address of the client is added to the LegacyIPZone. See Network Zones and IWA.
- In the Admin Console, go to Settings > Downloads.
- In the SSO IWA Agents area, click Download Latest.
- Browse to the location where you downloaded the installation file and double-click OktaSsoIwa-x.x.x.
- Click Next.
- In the Web Application Pool Identity dialog box, select Create or use the OktaService account, then click Next.
- Optional. When prompted, specify a proxy server for your IWA Web agent.
- On the Register Okta Desktop Single Sign-On screen, select an environment (Production, Preview, or Custom), enter your Okta customer subdomain name, and then click Next.
- On the Okta Sign In page, enter your Super admin username and password, and then click Sign In.
- To grant permission to access the Okta API, click Allow Access.
- When the message Installation completed appears, click Finish.
- In the Admin Console, go to Security > Delegated Authentication and in the On-Prem Desktop SSO area, confirm the Okta IWA Web agent is connected.