Add SharePoint application

Before you begin

Ensure that:

  • Access Gateway is installed and configured. See Manage Access Gateway deployment.
  • Access Gateway uses your Okta tenant as an Identity Provider (IdP). See Configure your Okta tenant as an Identity Provider.
  • You have administrator rights on your Okta tenant and can create groups and assign applications.
  • Window server configured with IIS application and Active Directory Services running as a Domain Controller and implementing Kerberos (IWA) SSO.
    Note this is an example architecture. It would be unusual in large production environments to have an application server (IIS), also be a DC.
  • Access Gateway DNS must be served by the Windows DNS server.
  • Confirm that the external app version is supported. Supported Kerberos app versions include:
    • Microsoft IIS IWA: IIS 7 or later
    • Microsoft OWA IWA: IIS 7 or later

Typical workflow

Task Description
Review and document existing architecture

Review existing architecture, determine ports, configuration, zones, and whether Kerberos is enabled.

Configure a SharePoint SPN and enable Kerberos

Configure a SharePoint specific SPN and enable Kerberos as required.

Configure SharePoint as Kerberos Configure SharePoint support for Kerberos.
Configure SharePoint as IIS IWA application Run Microsoft SharePoint IWA wizard and configure SharePoint as an IIS IWA application.
Configure SharePoint to work with a reverse proxy Configure SharePoint to work with Access Gateway as a reverse proxy.
Test Test the SharePoint integration.