Create an Microsoft IIS IWA application
During this task we will create the required Microsoft IIS IWA application in Access Gateway.
- Sign in to the Access Gateway Admin UI console.
Click the Applications tab.
- Select Microsoft IIS IWA from the left column menu, and click Create.
If the Microsoft IIS, OWA, or SharePoint IWA applications are disabled, ensure that there's a valid Kerberos service configured in settings.
- If required, expand the Essentials pane and enter:
Field Value Label The name of the application, as shown in your Okta Tenant.
For example:Microsoft IIS Application
Public Domain The externally facing URL of the application.
For example: https://iis.idaasgateway.net
Protected Web Resource Fully qualified URL to the Microsoft backing application. Group The group containing users who can access the application.
- [Optional] Assign load balancers
Okta recommends that whenever possible load balancers and Access Gateway as a load balancer be implemented.
See Load balancing.
- Expand the Protected Web Resource tab.
- Enable Load Balancing By Access Gateway.
A table of hostnames and weights representing the target load balancing instances appears. This table is initially empty. Click edit to modify an entry in the table, or click delete to delete an entry.
- Choose either HTTP or HTTPS as the URL scheme. Each protected web resource that you add inherits this scheme.
- Optional. Enable and specify Host Header value.
- Complete the following steps to add a host, repeat as required:
- Click Add protected web resource.
- Enter a fully qualified hostname:port combination (for example, https://backendserver1.atko.com:7001).
- Enter a weight from 1 to 100. Enter 0 to specify that a host is disabled.
Weights represent the percentage of requests that will be routed to this host.
For example, two hosts of weights 2:1 would result in requests being routed ~66% to the host weighted 2 and ~33% to the host weighted 1.
- Click Okay.
- Expand the Certificates tab.
By default, when you create the application the system generates a self-signed wildcard certificate and assigns it to the app.
- Optional. Click Generate self-signed certificate. A self-signed certificate is created and automatically assigned to the application.
- Optional. Select an existing certificate from the list of provided certificates.
Use the Search field to narrow the set of certificates by common name. Use the page forward (>) and backward (<) arrows to navigate through the list of available certificates.
- Click Next
- In the Application pane, enter:
Field Value Kerberos Realm Enter the name of the associated realm
- Click Next.
- In the Attributes pane:
Click Add attribute to add an attribute what corresponds to sAMAccountName.
- Verify he following:
IDP attribute that correlates with the users sAMAccountName
- Click Save.
- Click Done.
While optional, Okta recommends that all applications include certificates.
The application is added and the Application list page is displayed.