<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UzaSAFOkta Classic EngineAdministrationAnswered2024-04-30T09:18:25.000Z2016-07-11T18:35:31.000Z2018-06-20T19:32:10.000Z

  • j5v7c (j5v7c)

    More info: IWA version1.8.1

     

    I am using a global redirect URL, and forcing the users in the disparte directory to their own IWA server via DNS. The /iwa/authenticated.aspx page says they are authenticating succesfully. When they attempt to auth via IWA, they are directed to the IWA server, and then redirected to the /login/default page. I'm not seeing much in the logs that explains why they are sent back to the form rather than logged in.
    Expand Post

  • j5v7c (j5v7c)

    Is the users Public Gateway IP value enabled on the Okta allowed network IP ranges. First get the user to go to a web address of say http://www.whatsmyip.org/ to find the public gateway IP for the site.

     

    Then you will need to add that displayed IP address. To do this, go to the Okta Admin Console, select “Security”, “Network” and add any missing IP address that’s are not already in the list. Once added the user should be automatically logged into to Okta (rather than having to type in their AD username and password manually) and not be sent to the /login/default page.
    Expand Post

  • j5v7c (j5v7c)

    Hi Kevin - yes, I added their gateway IP to the network definition in Okta. Like I said, when they browse to my Okta org they are redirected to their IWA app, so that part is working. The IWA app is redirecting their users back to /login/default rather than logging them in.

  • j5v7c (j5v7c)

    I'm guessing then that something is not right in the configuration with the browser maybe as the user shgould net get passed on to the IWA URL. Have you made the changes to the local intranet settings to send on the Kerberos credentials to the IIS webserver? If you've not seen the details here's the link to the support page https://support.okta.com/help/articles/Knowledge_Article/28101616-Configuring-Desktop-SSO.

    Sorry if you've performed these steps and I'm covering old ground here.

    If you have and still have problems, it's best maybe to open up a support ticket to walk through the problem.

    Expand Post

  • j5v7c (j5v7c)

    No problem, thanks for the input. I have added their IWA site to their IE "intranet zone". The \iwa\authenticated.aspx page is successfully authenticating their users; so I think that means that IE is set up correctly? 

     

    I have opened a support case; i'll report back if we figure this out.
    Expand Post

  • j5v7c (j5v7c)

    Hi Mark,

    Were able to find a solution for this?

     

    Thanks

  • ArtC.12602 (Customer)

    did this ever work?  i have a similar situation i'd like to solve.
This question is closed.
Loading
Desktop SSO for users housed in a 2nd AD forest