<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Exclude an Application from DSSO Authentication in Okta
Oct 28, 2025
Single Sign-On
Okta Classic Engine
Directories
Overview
This article provides steps to exclude an application from Integrated Windows Authentication (IWA) Desktop Single Sign-on (DSSO) authentication or Agentless DSSO in Okta. 
Applies To
  • Directories
  • Desktop Single Sign-On
  • Routing Rules
  • Okta Classic Engine
Solution

To exclude an application from IWA DSSO or Agentless DSSO authentication, follow the steps or video below:

  1. On the Okta Dashboard, navigate to Security > Identity Providers > Routing Rules in the Okta Admin Console.

  2. Create a new routing rule by clicking on the Add Rule button.

  3. On the AND User is accessing filter, select Any of the following applications and search for the application intended for exclusion.

Any of the following applications option

  1. Filter users by selecting a condition for either the User's IP, User's Device Platform, or Users Matches filters.
    filters 

  2. Ensure that the Identity provider used is set to Okta.
    Identity provider 

  3. After saving the rule, activate it by clicking on Activate on the screen that appears.
    Activate button 

  4. Ensure that this rule is placed higher than the rule for Desktop Single Sign-On.

Recommended content

Still looking for help?
Loading
How to Exclude an Application from DSSO Authentication in Okta