
Okta POC Server Requirements (AD Agent)

Sep 07, 2015 | by Thomas Hill in Managing Apps with Single Sign On

Original Authors: Joel Hanson, Sr. Sales Engineer, Okta; Lee Tschetter, Sr. Sales Engineer, Okta

Delegated Authentication and User Synchronization

  • A server or virtual machine running Windows Server 2008 R2 or later.
  • The server needs to be a member of the Windows domain and have access to a domain controller.
  • A service account that is a member of the Domain Users AD group.

Recommended VM Sizing for POC:

  • 2 or more CPUs
  • 4 GB of RAM
  • 4 GB+ of available space on the C: drive

If you want to test AD Self Service Password Reset, you will need to either make the service account a domain admin or add the following permissions to the Okta service account:

Allow:

  • Change Password
  • Reset Password
  • Read userAccountControl
  • Write userAccountControl
  • Read lockoutTime
  • Write lockoutTime

Please see the following links for how to add the correct permissions:

Active Directory Password Reset : Okta Support

Delegate Service Account Unlock permissions
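
As an alternative to domain admin membership, the six permissions listed above can be delegated on a single OU with the built-in dsacls tool. This is an added example, not part of the original post or Okta's own tooling; the OU distinguished name and the service account name are placeholders, and it assumes dsacls.exe (AD DS tools) is available and the script is run by an account allowed to modify the OU's ACL.

```powershell
# Added example: delegate only the password reset / unlock rights from the list
# above to the Okta service account on one OU, rather than using Domain Admins.
# ASSUMPTIONS (placeholders, not from the original page): OU DN and account name.
$TargetOU   = 'OU=OktaPilotUsers,DC=example,DC=com'   # placeholder OU holding the POC users
$SvcAccount = 'EXAMPLE\svc-okta-ad'                   # placeholder Okta service account

# dsacls permission specs: <rights>;<extended right or attribute>;<inherited object type>
#   CA    = control access (extended right)
#   RP/WP = read property / write property
$Grants = @(
    'CA;Change Password;user',
    'CA;Reset Password;user',
    'RPWP;userAccountControl;user',
    'RPWP;lockoutTime;user'
)

foreach ($g in $Grants) {
    # /I:S = the ACE is inherited by child objects only (user objects under the OU)
    & dsacls.exe $TargetOU /I:S /G "${SvcAccount}:$g" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "dsacls failed for '$g' (exit code $LASTEXITCODE)"
    }
}

# Review step: show the ACEs the service account now holds on the OU
& dsacls.exe $TargetOU | Select-String -SimpleMatch $SvcAccount
```

Scoping the grant to the OU that holds the POC users keeps the service account from resetting passwords on accounts outside the pilot.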

These permissions are grouped in the "Delegate Control" wizard on Windows Server 2008 or higher under "Reset user passwords and force password change at next logon".

Desktop Single Sign On

Desktop Single Sign On (Desktop SSO) allows domain-joined devices to use Kerberos to authenticate to Okta when the device is on the corporate network.

  • A server or VM running Windows Server 2008 or newer. Windows Server 2008 R2 or newer is recommended if possible. This can be the same server as the Delegated Authentication server above.
  • The server needs to be a member of the Windows domain and have access to a domain controller.
  • A clean installation of Microsoft IIS is strongly recommended (i.e., not running SharePoint or other applications).
  • If you plan to use Safari or Firefox, you will need to add the HTTPS binding before going into production. See: How to Set Up SSL on IIS 7 using IIS Manager
  • IMPORTANT: Additional Windows Server 2012/Windows Server 2012 R2 Pre-Reqs:
