Okta IWA Desktop Single Sign-On Fails on a Windows Computer
Overview
When web browsers lack the proper configuration for Desktop Single Sign-On (DSSO), authentication fails and redirects to the Okta login page. Resolving this requires adding the Integrated Windows Authentication (IWA) server URL and the Okta org URL to the Local intranet zone in Windows Internet Options.
Applies To
- Okta Classic Engine
- Desktop Single Sign-On (DSSO)
- Integrated Windows Authentication (IWA)
Cause
The web browsers lack the required configuration for Desktop Single Sign-On.
Solution
How is the Desktop Single Sign-On failure due to browser configuration resolved on Windows computers?
Test IWA from the client machine by accessing https://<myIWA_server>/IWA/authenticated.aspx to ensure there is no prompt for Windows credentials.
If a prompt for Windows credentials appears, add the IWA server URL and the Okta org URL as Local Intranet Sites in the Windows Network and Internet settings.
- On the Windows Control Panel, select Network and Internet > Internet Options > Security > Local intranet > Sites > Advanced.
- In the Add this website to the zone field, enter the appropriate URLs.
  - https://hostname.companyname.com or http://hostname.companyname.com
  - https://<subdomain>.okta.com, https://<subdomain>.okta-emea.com, or https://<subdomain>.oktapreview.com

NOTE: Replace the placeholder URLs with the actual IWA server URL and Okta org URL.
- Select Add.
- Select OK twice to close the Internet Options window.
The following image displays the Local intranet zone configuration screen in Windows Internet Options.
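To confirm the result of the steps above without opening Internet Options, the following added example (not part of the original Okta article) reports the security zone Windows assigns to each URL. It assumes Windows PowerShell 5.1 running as the affected user; both URLs and the `Get-UrlZone` helper name are placeholders introduced here.

```powershell
# Added example: report the effective security zone for each DSSO URL.
# Assumes Windows PowerShell 5.1 (.NET Framework), run as the affected user.
# Both URLs are placeholders; replace them with the real IWA server and Okta org URLs.
$urls = @(
    'https://hostname.companyname.com',   # IWA server (placeholder)
    'https://subdomain.okta.com'          # Okta org (placeholder)
)

# Hypothetical helper name, not an Okta or Windows cmdlet.
function Get-UrlZone {
    param([Parameter(Mandatory)][string]$Url)

    # Zone.CreateFromUrl asks the Windows URL security manager,
    # so the result is the zone Windows actually applies to this URL.
    $zone = [System.Security.Policy.Zone]::CreateFromUrl($Url).SecurityZone

    [pscustomobject]@{
        Url        = $Url
        Zone       = $zone
        IsIntranet = ($zone -eq [System.Security.SecurityZone]::Intranet)
    }
}

$results = $urls | ForEach-Object { Get-UrlZone -Url $_ }
$results | Format-Table -AutoSize

# List every URL that is still outside the Local intranet zone.
$missing = @($results | Where-Object { -not $_.IsIntranet })
if ($missing.Count -gt 0) {
    Write-Warning ("Not in the Local intranet zone: " + ($missing.Url -join ', '))
} else {
    Write-Output 'All listed URLs resolve to the Local intranet zone.'
}
```

Any URL reported outside the `Intranet` zone still needs the steps above. Keep the list limited to the exact IWA and Okta hosts, because browsers send Windows credentials automatically to sites in this zone.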
