Best practices question: Wise or unwise to open up IWA to be reachable from the outside? Skip to main content
https://support.okta.com/help/answers?id=906f0000000i0c4iak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
John BrosiusJohn Brosius 

Best practices question: Wise or unwise to open up IWA to be reachable from the outside?

From a best practices prospective. I was wondering if it is wise or unwise to configure IWA to be reachable from the outside given that I have IIS configured with a public SSL cert and Okta configured to allow certain gateway ip’s?
 
JeremyAdmin WheelerAdminJeremyAdmin WheelerAdmin
I have this exact same question. If I have a user travelling with a domain joined machine, will it pass their credentials through from their laptop? Any reason not to do this if we have a secure connection?

However, if you don't mind John, I have a question for you. I can't even get SSL working. I have a problem where the user get prompted for their domain credentials before it will "SSO" them into Okta. Was there any particular settings you had to set in IIS? The documentation from Okta that I have was followed exactly, but I can't get rid of this login prompt.