IWA via a Load Balancer Skip to main content
https://support.okta.com/help/answers?id=9062a000000qun0qak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Gregor BlajGregor Blaj 

IWA via a Load Balancer

Hi,

For resiliency, I want to load balance (via a Netscaler) any requests to the IWA site to multiple servers running the IWA Web App. Okta doesn't seem to have specific documentation on what exactly is required. I would prefer the load balancer to be transparent, in SSL-Bridge mode, not decrypting the traffic.

- Persistence type/length?
- Monitoring (Just sso.domain.com/iwa/auth.aspx for code 200)?
- Ports (80 and 443)?
- Anything else I'm overlooking?

Thanks for any help.
 
Taylor WellsTaylor Wells (Okta, Inc.)
We do not have any Netscaler-specific documentation regarding IWA and Netscaler, but the only configuration changes required for IWA to work with a load-balancer is to make sure the "Public Gateway IPs" list is updated to include the IP Gateways of the Netscaler load balancer. This is done in the Admin portion of Okta under "Security -> Authentication -> Active Directory".  If you have any other questions about this or would like help with the configuration you can always open a case with our Tech Support department. We are always happy to help out. 
Gregor BlajGregor Blaj
Hi Taylor,

Thanks for your response. Aren't Public Gateway IP Addresses same as zones and only used to evaluate on/off network? Since this load balancer would be internal, I don't think anything is required.

I did log this with support and this was their "helpful" response.

We have several customers using load balancer, but we do not offer support for this implementation thus the reason we do not have any documentation for it. 
Please let me know if you require any additional information.Thank You