The Okta Administrative Account used during Okta IWA Agent installation must have Super admin permissions.
Note: When you install the Okta IWA agent the IP address of the client is added to the LegacyIPZone. For details, see Network Zones and IWA.
- In the Admin Console, go to Settings > Downloads.
- In the SSO IWA Agents area, click Download Latest.
- Browse to the location where you downloaded the installation file and double-click OktaSsoIwa-x.x.x.
- Click Next.
- In the Web Application Pool Identity dialog box, select Create or use the OktaService account, then click Next.
- Optional. When prompted, specify a proxy server for your IWA Web agent.
- On the Register Okta Desktop Single Sign-On screen, select an environment (Production, Preview, or Custom), enter your Okta customer subdomain name, and then click Next.
- On the Okta Sign In page, enter your Super admin username and password, and then click Sign In.
- To grant permission to access the Okta API, click Allow Access.
- When the message Installation completed appears, click Finish.
- In the Admin Console, go to Security > Delegated Authentication and in the On-Prem Desktop SSO area, confirm the Okta IWA Web agent is connected.