Okta SSO IWA Web App agent Version History

This page displays current and past versions of the Okta Integrated Windows AuthenticationAuthentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. Authentication methods and protocols include direct auth, delegated auth, SAML, SWA, WS-Fed, and OpenID Connect. (IWA) Web Application. This page is updated whenever a new version of the application is released (Generally Availability (GA) and/or Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. (EA)). 

To download the latest agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations., from your Administrator Dashboard, select Settings > Downloads and scroll to the agent you want. Click the Download button and run the installer.

Current GA Version 1.12.3
Current EA Version 1.13.0

Version Description Release
1.13.0 This EA version of the agent contains bug fixes. 2019.06.3
1.12.3 This GA version of the Okta SSOAn acronym for single sign-on. In a SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications. Users can access all of their web applications, both behind the firewall and in the cloud, with a single sign in. Okta provides a seamless experience across PCs, laptops, tablets, and smartphones. IWA Web agent contains internal fixes. 2019.05.0

This EA release includes:

1.12.1 This EA release includes a security fix and memory performance improvements when streaming data. 2018.44
1.12.0 This Early Access release provides performance improvements and a fix to the installer. 2018.33

This Generally AvailableGenerally Available features are available to all orgs automatically according to each customer's SKU. You don’t need to enable them in the console or contact Okta Support. release provides the following:

  • To improve the security of IWA integrations, we now default to the TLS 1.2 security protocol in orgs running .NET Framework 4.5 or later. Orgs running earlier versions of the .NET Framework continue to use TLS 1.0.
  • Internal fixes to the installer.

This Generally Available release provides the following:

  • To improve the security of IWA integrations, we now default to the TLS1.2 security protocol in orgs running .NET Framework 4.5 or later. Orgs running earlier versions of the .NET Framework continue to use TLS 1.0.

This Early Access release provides the following:

  • To improve the security of IWA integrations, we now default to the TLS1.2 security protocol in orgs running .NET Framework 4.5 or later. Orgs running earlier versions of the .NET Framework continue to use TLS 1.0.
  • Internal fixes to the installer.
2018.12 This Early Access version of the IWA/SSO agent includes internal updates. 2018.02
1.11.1 This version includes internal updates and minor fixes. 2017.45

This EA version is only required for customers taking advantage of Okta Device Trust for managed Windows computers. Otherwise, you do not need to install this version of the IWA web app.

This device trust solution uses version 1.11.0 of the IWA web app to confirm the security posture of Windows computers and users by validating that both are joined to your Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. domain. For more information, see Okta Device Trust for managed Windows computers.


This version restores support for Windows Server 2008 (removed temporarily in version 1.10.2).


This version fixed the following issues:

1.10.1 Adds support for installing and starting the plugin on servers running Windows Server 2016. GA — 2017.04
EA — 2017.02
1.10.0 With this release, SSO IWA log-in flows now display the orgThe Okta container that represents a real-world organization.'s logo if configured in Settings > Appearance > Organization Logo. 2016.36
  • Fixed an issue that prevented Windows Internet Explorer 9 users from signing-in to Okta.
  • Fixed an issue that prevented users from updating to Okta IWA Web App version 1.9.1 (EA).

GA — 2016.35

EA — 2016.13

  • We have improved the app sign-in experience for customers with Integrated Windows Authentication (IWA) in certain environments.
  • To allow admins to register the IWA Web App agent in our EMEA production environment, we have added a Production-EMEA option to the agent installer.
1.9.0 2016.04
1.8.1 This version supports UPN Transformation. This feature ensures that users with profiles in more than one directory, each in different domains within an enterprise, can reliably log in to their Okta org via Desktop SSO. For more information, see Configuring Desktop SSO.

GA – 2016.04

EA – 2015.26

1.8.0 Internal updates. 2015.25
1.7.12 Supports redirection from Integrated Windows Authentication (IWA) to Okta when using Chrome on OSX. 2015.14
1.7.11 Includes the following enhancements:
  • The IWA now provides logging information. The log files can be found here: %ProgramData%/Okta/IWA/logs.
  • IWA registration error messages have been improved.
For more information about Okta IWA, see Configuring Desktop SSO​.

Provides an update that disables SSL3 encryption protocol to address the Poodle security vulnerability.


Includes 2048-bit certificate creation, enabling installation on Windows Server 2008 R2 SP1. Requires OAuth authentication during setup.


Fixed an issue related to installing Desktop SSO IWA Web App on Windows Server 2012/IIS 8.


Fixed an issue in which Okta was unable to use the IWA global redirect feature for orgs employing redundant IWA servers. This issue prevented Okta from successfully validating certificates for non-primary IWA agents. We highly recommend that you upgrade your IWA agent.

1.7.2 Resolved an issue where OktaIWA fails to start because the identity account was set to OktaService instead of <domain_name>\OktaService. 04/22/2013
1.7.1 Fixed an issue where an improper message was displayed when a user cancelled the IWA installation. 02/13/2013
1.7.0 Adds a new dialog screen to the IWA web application installer that allows users to create a new Windows service account or choose an existing one. This update is optional and does not affect desktop SSO functionality. 01/29/2013
1.6.12 Adds a proxy configuration dialog to the installer that allows users to specify a proxy server address and credentials when needed. This update is optional and can be done at the user's convenience. 01/09/2013

Turns off debug mode for the web.config file, which is generated when the IWA web app is installed. Install at your convenience.

1.6.8 Internal Fixes 08/21/2013

Makes it easier to install additional IWA Web apps without overwriting the old app. Installed agents are viewable at Security > Authentication > Desktop SSO.


Note: After October 13, 2014, releases are named by release number; prior to that, they are named by release date. Release numbers indicate the year and week in which the release became available. Occasionally, there are gaps in the numbers.