Configure browsers for single sign-on on Windows

Configuring changes on Internet Explorer (IE) will be enough as Chrome will recognize these settings.

Note: Firefox and Edge are not supported.

There are three main steps involved in configuring the browsers on Windows:

• Enabling Integrated Windows Authentication (IWA) on the browsers.
• Adding Okta as a trusted site to the Local Intranet Zone in IE. The Okta URLs must include https://<myorg>.kerberos.<oktaorg>.com.
• Creating a Group Policy Object (GPO) to apply the setting on all your client machines.

1. Enable IWA on the browsers:
   1. In IE, click ToolsInternet options.
   2. Click the Advanced tab, scroll down to Security, and select Enable Integrated Windows Authentication.
   3. Click OK.

   Note: Make sure that IE can save session cookies (Internet optionsPrivacy tab). If it cannot, neither SSO nor standard sign-in can work.

2. Configure the Local Intranet Zone to trust Okta:
   1. In IE and click ToolsInternet options and click the Security tab.
   2. Click Local IntranetSitesAdvanced and add the URL for your Okta org you configured in Add the SPN. For example: https://<myorg>.kerberos.<oktaorg>.com.
   3. Click Close and OK on the other configuration options.
3. Create a GPO to apply the settings to all client machines using Agentless DSSO.

Next steps

Test the Desktop Single Sign-on settings