Okta IWA Web agent installation prerequisites

The following are the prerequisites for installing the Okta IWA Web agent:

• You must have installed and configured the Okta AD agent and Delegated Authentication must be enabled before you can configure IWA DSSO. See Manage your Active Directory integration.
• Make sure that Port 80 (for http) and Port 443 (for https) are open for inbound traffic on the same server that hosts the Okta IWA Web agent.

  Note: Okta strongly recommends that you enable SSL.

• Windows Server 2012, Server 2016, Windows Server 2019, or Windows Server 2022.

• .NET 4.6.2 (minimum) up to .NET 4.7.x and ASP .NET 4.7. If you have a lower version of .NET, upgrade to 4.6.2 or higher.

• To improve the security of our integrations, we now only communicate using TLS 1.2 security protocol. Ensure you are running .NET framework 4.6.2 or later so the AD agent installs correctly.

• IIS 7.5 or higher must be installed on the server. If the required IIS version is not installed, the installer quits and you receive an error message.
• AD Agent 3.0.4.x or higher. The Okta AD agent does not have to be on the same server that hosts the OktaIWA Web agent.
• If your enterprise has more than one domain, see Configure the OktaIWA Web agent Universal Principal Name.

• The IWA agent doesn't require any extra privileges beyond the default permissions the user inherits from the Domain Users group. However, note the following:

  • The installer configures some additional local permissions for the service account to allow it access the web-application files.
  • The IWA agent requires read and execute permissions for files in C:\inetpub\webroot\IWA.
  • If you want to use an existing account, then ensure:
    • the account is active and the password never expires
    • the account has permissions to read and execute for the C:\inetpub\wwwroot\IWA directory and its content