Add a SharePoint application

Before you begin

Ensure that:

  • Verify that Access Gateway is installed and configured. See Manage Access Gateway deployment.
  • Verify that Access Gateway uses your Okta org as an Identity Provider (IdP). See Configure an Identity Provider in Access Gateway.
  • Verify that you have administrator rights on your Okta org and can create groups and assign applications.
  • Window server configured with IIS application and Active Directory Services running as a Domain Controller and implementing Kerberos (IWA) SSO.
    Note this is an example architecture. It would be unusual in large production environments to have an application server (IIS), also be a DC.
  • Access Gateway DNS must be served by the Windows DNS server.
  • Confirm that the external app version is supported. Supported Kerberos app versions include:
    • Microsoft IIS IWA: IIS 7 or later
    • Microsoft OWA IWA: IIS 7 or later

Typical workflow

Task Description
Review and document existing architecture

Review existing architecture, determine ports, configuration, zones, and whether Kerberos is enabled.

Configure a SharePoint SPN and enable Kerberos

Configure a SharePoint specific SPN and enable Kerberos as required.

Configure SharePoint as Kerberos Configure SharePoint support for Kerberos.
Configure SharePoint as IIS IWA application Run Microsoft SharePoint IWA wizard and configure SharePoint as an IIS IWA application.
Configure SharePoint to work with a reverse proxy Configure SharePoint to work with Access Gateway as a reverse proxy.
Test Test the SharePoint integration.