Configure browsers for single sign-on on Windows

Configuring changes on Internet Explorer (IE) will be enough as Chrome will recognize these settings.

Note: Firefox and Edge are not supported.

There are three main steps involved in configuring the browsers on Windows:

  • Enabling Integrated Windows Authentication (IWA) on the browsers.
  • Adding Okta as a trusted site to the Local Intranet Zone in IE. The Okta URLs must include https://<myorg>.kerberos.<oktaorg>.com.
  • Creating a Group Policy Object (GPO) to apply the setting on all your client machines.
  1. Enable IWA on the browsers:
    1. In IE, click ToolsInternet options.
    2. Click the Advanced tab, scroll down to Security, and select Enable Integrated Windows Authentication.
    3. Click OK.

    Note: Make sure that IE can save session cookies (Internet optionsPrivacy tab). If it cannot, neither SSO nor standard sign-in can work.

  2. Configure the Local Intranet Zone to trust Okta:
    1. In IE and click ToolsInternet options and click the Security tab.
    2. Click Local IntranetSitesAdvanced and add the URL for your Okta org you configured in Add the SPN. For example: https://<myorg>.kerberos.<oktaorg>.com.
    3. Click Close and OK on the other configuration options.
  3. Create a GPO to apply the settings to all client machines using Agentless DSSO.

Next steps

Test the Desktop Single Sign-on settings