Configure browsers for single sign-on on Windows
Configuring changes on Internet Explorer (IE) will be enough as Chrome will recognize these settings.
Note: Firefox and Edge are not supported.
There are three main steps involved in configuring the browsers on Windows:
- Enabling Integrated Windows Authentication (IWA) on the browsers.
- Adding Okta as a trusted site to the Local Intranet Zone in IE. The Okta URLs must include https://<myorg>.kerberos.<oktaorg>.com.
- Creating a Group Policy Object (GPO) to apply the setting on all your client machines.
- Enable IWA on the browsers:
- In IE, click .
- Click the Advanced tab, scroll down to Security, and select Enable Integrated Windows Authentication.
- Click OK.
Note: Make sure that IE can save session cookies (
). If it cannot, neither SSO nor standard sign-in can work. - Configure the Local Intranet Zone to trust Okta:
- In IE and click Security tab. and click the
- Click Okta org you configured in Add the SPN. For example: https://<myorg>.kerberos.<oktaorg>.com. and add the URL for your
- Click Close and OK on the other configuration options.
- Create a GPO to apply the settings to all client machines using Agentless DSSO.