In today's world, many IT administrators are trying to cut back on authentication prompts while remaining secure. Some organizations decide to put all their practical applications behind Identity Providers (IdPs). These applications are typically configured with SAML 2.0 SSO for a seamless end-user experience. For most administrators, this would be enough, and the end-user would only have to remember two passwords: their Windows credentials and their IdP credentials. But what if there was a way to cut this down to just one password? With Okta Agentless Desktop SSO (ADSSO), that is a possibility.
What is Okta Agentless Desktop SSO?
Okta's ADSSO enables your users to authenticate into Okta automatically when they successfully log into a machine using their Windows network credentials. Following successful authentication, users can easily and quickly access applications through Okta without entering additional usernames or passwords, so they only have to remember one set of credentials.
Does ADSSO work on non-domain joined machines?
No, you need to be on a domain-joined machine with network access to authenticate successfully using ADSSO. However, if you are using a VPN, ADSSO will work.
Will we have to install agents on client machines to use ADSSO properly?
No, Kerberos validation is done on Okta servers.
Does ADSSO support Just in Time (JiT) provisioning?
Yes, JiT provisioning is supported while using ADSSO as long as the user is in a valid OU syncing to Okta. The user and their group memberships will be pulled in when the JiT provisioning is triggered.
What are the prerequisites for ADSSO?
- Okta tenant or a sandbox environment if you are testing
- An Active Directory (AD) domain deployed and integrated into your Okta tenant
- Okta super administrator permissions
- A Windows Server with Active Directory installed and configured
- Domain administrator permissions or sufficient permissions to configure a Service Principal Name account
- Domain-joined client machine
FAQ: Okta's Agentless Desktop
Is there a diagram that can help me understand the ADSSO workflow?
Okta ADSSO diagram and infograph.