0nanf (0nanf) asked a question.
Agentless desktop sso
Do i need add registry keys Office 365 desktop apps (word, excel..) in agentless SSO?
And if yes, what registry keys / value?
- george.todor1.518182597356543E12 (Vendor Management)
Here is the documentation for your issue: https://help.okta.com/en/prod/Content/Topics/Directory/Configuring_Agentless_SSO.htm
For more troubleshooting please open a support case.
- petri.rantanen (Secure Cloud Finland Oy)
Thank you, but i'm still confused. Document says: "
For example, if you have four native apps: MSWord, Excel, PowerPoint, and GoToMeeting and you only want Agentless DSSO on the GoToMeeting app then you'd need to add a registry key for the GoToMeeting app.".
As I understand this, I need to add registry values for Office apps.
Expand Post - george.todor1.518182597356543E12 (Vendor Management)
Hello,
From the documentation above I did manage to find the reg keys:
Deploying registry keys on a single machine
Before rolling out the registry key changes to all machines, you can test the implementation by applying the changes to individual machines.
To apply this on a single machine, create a .reg file on the machine with the following content inside of it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\MAIN\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149]
"iexplore.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet
Explorer\MAIN\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149]
"iexplore.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"DisableAuthNegotiateCnameLookup"=dword:00000001
Deploying registry keys through Group Policy
To deploy the registry key changes across your org, you will use Group Policies.
In order to create a group policy to apply broadly, do the following as a domain administrator from your domain controller:
Launch Active Directory Users and Computers.
Right click in the navigation structure and select New > Organizational Unit (OU).
Name the OU. This will be the computers OU used for this change
From a domain controller run the command gpedit.msc to open the Group Policy Editor.
In the Group Policy Management console, right click on Group Policy Objects.
Select New, to create a new group policy object (GPO).
Name the GPO and leave Source Starter GPO set to (none).
Right click on the new GPO and select Edit
Navigate to Computer Configuration > Preferences> Windows Settings > Registry
Right click on Registry and select New Item, enter the following items values.
I did add them above, also below then you have the steps to implement them with group policy.
More info about this is in the documentation in the previous answer under "Deploy registry keys to client machines".
Thank You.
Expand Post - mike.davie1.5312945692819849E12 (Customer First Programs)
Hello!
Thanks for posting your inquiries in Okta Community Portal.
If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer."
Thank you,
Mike Davie
Okta Help Center
Expand Post - petri.rantanen (Secure Cloud Finland Oy)
Thank you. I have been working with this all day. I forget add external ip-address in network zone :(. That solve most of problems. Agentless SSO is now working with Chrome and Office 365 local apps, still have kerberos problem with Internet Explorer 11 (why someone want use IE?). I open support case. I sent update how it went.
- petri.rantanen (Secure Cloud Finland Oy)
And you don't need to add any "extra" registry keys/values for O365 local apps.
- 0nzxo (0nzxo)
Following this post as well.
@Petri Rantanen what was meant by adding an entry for GoToMeeting? What needs to be added, did you get any clarification on that or other apps outside of the scope of Office 365 local apps (Office Think Client Apps) ?
Thank you,
Mike
Expand Post - petri.rantanen (Secure Cloud Finland Oy)
That GoToMeeting part in the documentation is very confusing, i don't know why it's there and what does it mean.
I have only try Chrome and Office apps, i will do more testing next week, IBM Connection Cloud, Mepco, Siemens PLM, Teamcenter...
- 0nanf (0nanf)
ARG, i make stupid copy/paste mistake. I copy reg-file to the test workstation and there was an error in IE section.
Now IE SSO is working.
- xpssp (xpssp)
Hi All,
I am able to configure Agentless DSSO and it is working fine in IE however with Chrome I am getting authetication popup and post timeout it takes me to OKTA login page.
I have updated the registry key value for chrome too but i am still getting the popup.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"DisableAuthNegotiateCnameLookup"=dword:00000001
My understanding is that Chrome picks IE settings but in my case its behaving differently. Is there anyone who saw similar issue during the implementation and how this can be fixed.
Regards,
Anurag
Expand Post
This question is closed.
Hello,
From the documentation above I did manage to find the reg keys:
Deploying registry keys on a single machine
Before rolling out the registry key changes to all machines, you can test the implementation by applying the changes to individual machines.
To apply this on a single machine, create a .reg file on the machine with the following content inside of it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\MAIN\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149]
"iexplore.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet
Explorer\MAIN\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149]
"iexplore.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"DisableAuthNegotiateCnameLookup"=dword:00000001
Deploying registry keys through Group Policy
To deploy the registry key changes across your org, you will use Group Policies.
In order to create a group policy to apply broadly, do the following as a domain administrator from your domain controller:
Launch Active Directory Users and Computers.
Right click in the navigation structure and select New > Organizational Unit (OU).
Name the OU. This will be the computers OU used for this change
From a domain controller run the command gpedit.msc to open the Group Policy Editor.
In the Group Policy Management console, right click on Group Policy Objects.
Select New, to create a new group policy object (GPO).
Name the GPO and leave Source Starter GPO set to (none).
Right click on the new GPO and select Edit
Navigate to Computer Configuration > Preferences> Windows Settings > Registry
Right click on Registry and select New Item, enter the following items values.
I did add them above, also below then you have the steps to implement them with group policy.
More info about this is in the documentation in the previous answer under "Deploy registry keys to client machines".
Thank You.