Configure agentless Desktop Single Sign-on

With agentless Desktop Single Sign-on (DSSO), you don't need to deploy IWA agents in your Active Directory domains to implement DSSO functionality. This reduces or eliminates the maintenance overhead and provides high availability as Okta assumes responsibility for Kerberos validation.

Okta automatically fails over to the default sign-on page or the custom error URL if it is available.

Topics

• About the agentless Desktop Single Sign-on workflow
• Create a service account and configure a Service Principal Name
• Configure browsers for Windows agentless Desktop Single Sign-on
• Configure browsers for Mac agentless Desktop Single Sign-on
• Enable agentless Desktop Single Sign-on
• Update the default Desktop Single Sign-on Identity Provider routing rule
• Validate the agentless Desktop Single Sign-on configuration
• Test the agentless Desktop Single Sign-on configuration