How to Change the Service Account Password for Agentless Desktop Single Sign-on
Jun 23, 2025
Okta Classic Engine
Directories
Okta Identity Engine
Overview
This article provides the steps to update the service account's password for Agentless Desktop Single Sign-on.
Applies To
- Agentless Desktop Single Sign-on (Agentless DSSO)
- Active Directory
- Directories
Solution
Follow the video or the steps below to update the password for the Agentless DSSO service account:
- Navigate to the account in Active Directory and change the password.
- Open Active Directory Users and Computers on the Domain Controller.
- Find and then right-click the service account.
- Choose Reset password.
- To validate the new credentials, log in to Okta.
- Go to Security > Delegated Authentication.
- Scroll to Agentless Desktop SSO.
- Click Edit.
- In the AD Instances section, select the Active Directory instance on which the SPN was configured.
- Click the pencil.
-
- Enter the new password into the service account password field.
- Click Save to validate the new credentials.
NOTE: Users may be unable to sign in to Okta via Agentless DSSO if they received their Kerberos ticket before the service account had its password reset. The system log may display the following error: GSS_ERROR. To remediate this issue, simply log out of the domain (or log out of the domain-joined Windows computer) and re-authenticate.
