This article provides the steps to update the service account password for Agentless Desktop Single Sign-on (ADSSO) in Okta. Administrators must update the password in Active Directory and then validate the new credentials in the Okta Admin Console to ensure continuous authentication.
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Agentless Desktop Single Sign-on (Agentless DSSO)
- Active Directory (AD)
- Directories
How is the service account password updated for Agentless Desktop Single Sign-on?
Update the password for the Agentless DSSO service account by resetting the credentials in Active Directory and validating the new password in the Okta Admin Console.
- Open Active Directory Users and Computers on the Domain Controller.
- Find and right-click the service account.
- Choose Reset password and change the password.
- Sign in to the Okta Admin Console to validate the new credentials.
- Go to Security, and then select Delegated Authentication.
- Scroll to Agentless Desktop SSO and click Edit.
- Select the Active Directory instance on which the Service Principal Name (SPN) is configured in the AD Instances section.
- Click the pencil icon to edit the configuration.
- Enter the new password into the service account password field.
- Click Save to validate the new credentials.
NOTE: Users who received a Kerberos ticket before the service account password was reset may be unable to sign in to Okta via Agentless DSSO. When this happens, Okta records a GSS_ERROR error in the System Log. To remediate this issue, the user must sign out of the domain or the domain-joined Windows computer and re-authenticate.
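The Active Directory part of the procedure above (finding the service account and resetting its password) can also be done from PowerShell. The script below is an added example, not Okta's own code; it checks that the account carries an SPN before the reset and reports the reset time, which helps match later GSS_ERROR entries to tickets issued before it. It assumes the RSAT ActiveDirectory module is installed; the parameter name $SvcAccount is hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example. $SvcAccount is the sAMAccountName of the Agentless DSSO
# service account; supply your own value, none is taken from the article.
param(
    [Parameter(Mandatory)][string]$SvcAccount
)
$ErrorActionPreference = 'Stop'

# Before the reset: confirm this is the account that holds the SPN.
$before = Get-ADUser -Identity $SvcAccount -Properties ServicePrincipalName, PasswordLastSet
if (-not $before.ServicePrincipalName) {
    throw "No SPN is registered on '$SvcAccount'. Check that this is the Agentless DSSO account."
}
$before | Select-Object SamAccountName, PasswordLastSet,
    @{ Name = 'SPN'; Expression = { $_.ServicePrincipalName -join ', ' } }

# Prompt twice so a typo is caught here, not when validating in the Okta Admin Console.
$new     = Read-Host -AsSecureString 'New service account password'
$confirm = Read-Host -AsSecureString 'Confirm new password'
$p1 = [System.Net.NetworkCredential]::new('', $new).Password
$p2 = [System.Net.NetworkCredential]::new('', $confirm).Password
if ($p1 -cne $p2) { throw 'Passwords do not match. Nothing was changed.' }
Remove-Variable p1, p2

# Administrative reset, the same action as "Reset password" in
# Active Directory Users and Computers.
Set-ADAccountPassword -Identity $SvcAccount -Reset -NewPassword $new

# After the reset: verify that the directory recorded the change.
$after = Get-ADUser -Identity $SvcAccount -Properties PasswordLastSet
if ($after.PasswordLastSet -le $before.PasswordLastSet) {
    throw 'PasswordLastSet did not advance. Verify the reset before updating Okta.'
}

"Password for '$SvcAccount' reset at $($after.PasswordLastSet.ToString('u'))."
'Next: enter the same password under Security > Delegated Authentication > Agentless Desktop SSO and click Save.'
'Users holding Kerberos tickets issued before this time must sign out and re-authenticate.'
```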
