For resiliency, I want to load balance (via a Netscaler) any requests to the IWA site to multiple servers running the IWA Web App. Okta doesn't seem to have specific documentation on what exactly is required. I would prefer the load balancer to be transparent, in SSL-Bridge mode, not decrypting the traffic.
- Persistence type/length? - Monitoring (Just sso.domain.com/iwa/auth.aspx for code 200)? - Ports (80 and 443)? - Anything else I'm overlooking?
We do not have any Netscaler-specific documentation regarding IWA and Netscaler, but the only configuration changes required for IWA to work with a load-balancer is to make sure the "Public Gateway IPs" list is updated to include the IP Gateways of the Netscaler load balancer. This is done in the Admin portion of Okta under "Security -> Authentication -> Active Directory". If you have any other questions about this or would like help with the configuration you can always open a case with our Tech Support department. We are always happy to help out.
Thanks for your response. Aren't Public Gateway IP Addresses same as zones and only used to evaluate on/off network? Since this load balancer would be internal, I don't think anything is required.
I did log this with support and this was their "helpful" response.
We have several customers using load balancer, but we do not offer support for this implementation thus the reason we do not have any documentation for it. Please let me know if you require any additional information.Thank You