• Okta Classic Engine
• Directories
• Desktop Single Sign On (DSSO)
• IWA Agent

1. First, acquire and install a valid SSL certificate and install it on the IWA Agent server.

           NOTE: Okta Support cannot assist with installing SSL certificates on the IWA server.

• See the following documents for more details on installing the certificate.

  • CSR Generation for SSL Certificates

  • How to Install an SSL/TLS Certificate In Microsoft IIS 7

• Use a certificate that contains one or more Subject Alternative Names (SANs).

• The IWA Redirect URL must match the CN or SAN listed on the certificate.

• Wildcard certificates are supported and recommended for multi-agent environments.

2. Next, enable SSL for IWA in the Okta Admin Dashboard.

   1. Navigate to Security > Delegated Authentication.

   2. Select Edit next to On-Prem Desktop SSO.
       

   3. Go to the IWA Agents header and select the pencil Icon next to the appropriate IWA Agent server.
       

   4. Change http to https in the IWA redirect URL.
       

   5. Click Save to close the Window and then press Save again below the IWA Agents menu.
       

Related References

• Configure SSL for the Okta IWA Web agent