Add a SharePoint application
Before you begin
Ensure that:
- Verify that Access Gateway is installed and configured. See Manage Access Gateway deployment.
- Verify that Access Gateway uses your Okta org as an Identity Provider (IdP). See Configure an Identity Provider in Access Gateway.
- Verify that you have administrator rights on your Okta org and can create groups and assign applications.
- Window server configured with IIS application and Active Directory Services running as a Domain Controller and implementing Kerberos (IWA) SSO.
Note this is an example architecture. It would be unusual in large production environments to have an application server (IIS), also be a DC. - Access Gateway DNS must be served by the Windows DNS server.
- Confirm that the external app version is supported. Supported Kerberos app versions include:
- Microsoft IIS IWA: IIS 7 or later.
- Microsoft OWA IWA: IIS 7 or later.
Typical workflow
| Task | Description |
|---|---|
| Review and document existing architecture |
Review existing architecture, determine ports, configuration, zones, and whether Kerberos is enabled. |
|
Configure a SharePoint specific SPN and enable Kerberos as required. |
|
| Configure SharePoint as Kerberos | Configure SharePoint support for Kerberos. |
| Configure SharePoint as IIS IWA application | Run Microsoft SharePoint IWA wizard and configure SharePoint as an IIS IWA application. |
| Configure SharePoint to work with a reverse proxy | Configure SharePoint to work with Access Gateway as a reverse proxy. |
| Test | Test the SharePoint integration. |