Add SharePoint application

The purpose of this guide is to step through the process of configuring SharePoint applications with Access Gateway.

Before you begin

Ensure that:

  • Access Gateway is installed and configured for use.
    See Manage Access Gateway deployment.
  • Access Gateway has been configured to use your Okta tenant as IDP.
    See Configure your Okta tenant as an Identity Provider for more information about configuring your Okta tenant as an IDP.
  • You have administrator rights on your Okta tenant and can assign applications to users and create groups.
  • Window server configured with IIS application and Active Directory Services running as a Domain Controller and implementing Kerberos (IWA) SSO.
    Note this is an example architecture. It would be unusual in large production environments to have an application server (IIS), also be a DC.
  • Access Gateway DNS must be served by the Windows DNS server.
  • Confirm that the external app version is supported. Supported Kerberos app versions include:
    • Microsoft IIS IWA - IIS 7 or later
    • Microsoft OWA IWA - IIS 7 or later

Typical workflow



Review and document existing architecture

Review existing architecture, determine ports, configuration, zones, and whether Kerberos is enabled.

Configure a SharePoint SPN and enable Kerberos

Configure a SharePoint specific SPN and enable Kerberos as required.

Configure SharePoint as Kerberos Configure SharePoint support for Kerberos.
Configure SharePoint as IIS IWA application Run Microsoft SharePoint IWA wizard and configure SharePoint as an IIS IWA application.
Configure SharePoint to work with a reverse proxy Configure SharePoint to work with Access Gateway as a reverse proxy.
Test Test the SharePoint integration.