Okta Classic Engine | Single Sign-On | Answered | 2024-04-30T09:18:25.000Z | 2018-02-02T16:59:50.000Z | 2018-02-07T15:30:06.000Z
Trusted Domain
We have 2 AD Domains, Domain A and Domain B. Both domains have Okta SSO configured, so a user from Domain A logging into a computer from Domain A will automatically SSO into Okta and apps such as O365 will authenticate using SSO. The same applies for a user from Domain B logging into a computer from Domain B.

When a user from Domain B logs into a computer from Domain A, SSO does not work. Can you provide assistance with the configuration required for this use case? Thanks

  • Hello Mark,

     

    The use case you described, having a user from Domain B logging on a machine that belongs to Domain A would not work for IWA authentication due to the fact that the user does not exist on the same domain as the machine.

     

    Even if there is a two-way trust between domains, I don't believe this would be possible.

     

    Thank you,

    Andrei Aldea

    Technical Support Engineer

    Okta Global Customer Care

  • 38s9h (38s9h)

    Hi Mark,

     

    You can always use UPN transformation to rewrite the UPN suffix of users from different domains. I know Okta support is pretty garbage, but I would at least expect them to tell you this instead of saying "I don't believe this would be possible".

     

    Anyway, try UPN transform in the web.conf file on your IWA server.

     

    Best of luck!

     

    Kris
  • j5v7c (j5v7c)

    Hello,

     

    Thanks for posting your inquiry in Okta Community Portal.

     

    If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer."

     

    Thank you,

     

    Dylann Fezeu

    Okta Help Center Team
This question is closed.