Troubleshooting Agentless Desktop SSO Not Triggering Automatically

Jan 16, 2026

Okta Classic Engine

Directories

Okta Identity Engine

Overview

This article explains why users are not routed to the Agentless Desktop Single Sign-On (DSSO) authentication flow after enabling the setting under Delegated Authentication and completing all of the prerequisite setups in Configure Agentless Desktop Single Sign-On.

Applies To

Directories
Agentless Desktop Single Sign-On (DSSO)
Routing Rules

Cause

The routing rule automatically created when Agentless DSSO was initially configured has been deleted. Disabling and enabling Agentless DSSO will not recreate a new routing rule. The default rule is only created the first time the service is enabled.

Solution

Follow the video or the steps below to manually create a new Agentless DSSO Routing Rule.

In the Okta Admin console, navigate to Security > Identity Providers > Routing Rules.
Click on Add Routing Rule.
Configure the routing rule based on the Network Zones as in the screenshot below:
Select AgentlessDSSO from the drop-down under Use this identity provider.
Click on Create Rule.
Click on the Activate button on the Rule to activate it and move it to the highest priority, depending on the use case. If the rule should not be activated yet, click on Don't Activate.

Activate rule

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies