When Using DSSO with a Custom Domain, End-users Land on the Default Domain after Authentication

Loading

Skip to Navigation Skip to Main Content

Search

Search

Select Language

When Using DSSO with a Custom Domain, End-users Land on the Default Domain after Authentication

Dec 8, 2023

Okta Classic Engine

Okta Identity Engine

Administration

Overview

When a Custom Domain is configured, and the end-user will authenticate using DSSO, the end-user will land on the default domain.

Example: The user will go to https://Custom_domain.com and they will land on https://subomain.okta.com.

Applies To

Desktop Single Sign On (DSSO)
Custom Domain

Cause

The IWA (DSSO) agent is configured with the default domain.

Solution

Go to the server that is hosting the DSSO agent.
Navigate to C:\inetpub\wwwroot\IWA\web.config
Look for <oktaSSOConfigGroup>
Modify <oktaSSOConfig orgOktaAuthenticationURL= and orgBackupOktaAuthenticationURL= from the default domain to the custom domain.

Example:

<oktaSSOConfigGroup>
<oktaSSOConfig orgOktaAuthenticationURL="https://Your_custom_Domain.com/login/sso_iwa_auth"
orgBackupOktaAuthenticationURL="https://Your_custom_domain/login/default"
oktaSSOWebAppVersion="1.12.3.0">
<iwaDetection timeout="1000" />
<upnTransformation>

</upnTransformation>
</oktaSSOConfig>

Once the above is done, restart the IIS server and test it.

Was this content helpful?

Recommended content

Documentation

Okta Identity Engine release notes (2024)

Documentation

Okta Classic Engine release notes (2022)

Documentation

Okta Identity Engine release notes (2023)

Documentation

Okta Classic Engine release notes (2023)

Loading

When Using DSSO with a Custom Domain, End-users Land on the Default Domain after Authentication