0D50Z00008G7VRTSA3 | Okta Classic Engine | Single Sign-On | Answered | 2020-04-24T19:30:43.000Z | 2016-12-13T18:50:51.000Z | 2017-12-06T17:34:25.000Z
Update AD password and now all SWA apps broke
Hi all,

I am just going through the Okta setup process and have started adding applications.  I have a number of SAML ones as well as SWA.  All my SWA are set up where the "Admin sets the username and the password is the Okta Password".  The username/password for the SWA apps are our AD credentials, and we sign into our Okta Dashboard with our AD credentials.  The issue that I am having is that I changed my AD password and it broke all my SWA apps.  The IWA is functioning correctly and I am auto-logged in when I am on my network. All SAML apps are fine.  It just does not appear to be passing the new password for the SWA apps.  I verified this by logging directly into the apps with my new AD password and it works fine.  I also verified that my Okta password updated with my AD one by turning off Desktop SSO and manually signing in to my Okta dashboard with my new password. What am I missing?

  • JeremyH.86309 (Customer)

    Now some more interesting behavior.  After I turned off the IWA Desktop SSO feature, logged in to my dashboard with the new AD password, turned it back on and now my SWA apps are working.  They were broken for a good 3 hours.  Any idea what caused this? I can't have a 3 hour lag in password updates or tell my 400+ users to jump through hoops every time a password is changed.  Thanks
  • ParthS.82736 (Customer)

    Hi @Jeremy,

     

    Please see some points from my end:
    • As you're using delegated authentication to AD and IWA, OKTA does not remember the AD password and users are auto logged in to OKTA using Desktop SSO.
    • For SWA apps, if you change the AD password then you need to manually log in to OKTA with the new AD password using /login/default.
    For your test case (After I turned off the IWA Desktop SSO feature, logged in to my dashboard with the new AD password, turned it back on and now my SWA apps are working):
    • You stopped IWA.
    • So users had to manually enter the AD password.
    • Now OKTA has pushed this password with all SWA apps.
    • This is the reason all SWA apps started working after you disabled IWA and enforced users to log in to OKTA with password.
  • Markus (Customer)

    Parth,

    thanks for the explanation. Would a setpassword via the API be equivalent to a logout / login and would the SWA application passwords be updated during such an operation?
This question is closed.