Best practices question: Wise or unwise to open up IWA to be reachable from the outside?
From a best practices prospective. I was wondering if it is wise or unwise to configure IWA to be reachable from the outside given that I have IIS configured with a public SSL cert and Okta configured to allow certain gateway ip’s?
I have this exact same question. If I have a user travelling with a domain joined machine, will it pass their credentials through from their laptop? Any reason not to do this if we have a secure connection?
However, if you don't mind John, I have a question for you. I can't even get SSL working. I have a problem where the user get prompted for their domain credentials before it will "SSO" them into Okta. Was there any particular settings you had to set in IIS? The documentation from Okta that I have was followed exactly, but I can't get rid of this login prompt.