Active Directory Integration with Okta


Okta Inc., 301 Brannan Street, Suite 300, San Francisco CA, 94107

[email protected] 1-888-722-7871

OKTA WHITE PAPER

Active Directory Integration with Okta: An Architectural Overview

wp-adint-113012


Table of Contents

Active Directory and the Cloud: An Overview
Active Directory and Cloud Applications with Okta
Okta Active Directory Integration for All Your Cloud Apps
Simple and Secure Setup and Configuration
Intelligent User Synchronization
Just-in-Time User Provisioning
Simple-to-Use Delegated Authentication
Desktop Single Sign-On
Self Service Password Reset Support
Security Group–Driven Provisioning
One-Click Deprovisioning
Single Sign-On for AD Authenticated Apps
Conclusion—Extend Active Directory to the Cloud with Okta
Okta Active Directory Agent Details
Okta IWA Web Application Details
About Okta


Active Directory and the Cloud: An Overview

For most companies, Microsoft Active Directory (AD) plays the central role in coordinating identity and access management policies. AD typically serves as a “source of truth” for user identities, and it provides access control to on-premises resources such as networks, file servers, and web applications (see Figure 1). When on-premises applications are integrated to Active Directory, users get the best possible experience: they log in to their domain once and are granted access to the appropriate resources. Administrators benefit too—they maintain clear control over who has access to what. This model is ubiquitous because it works well with LAN-based architectures (where applications are served from hardware inside the firewall). But as we’ll show, this approach begins to break down as enterprises shift to cloud-based applications, and a new solution is needed.

Figure 1: Active Directory for on-premises application user identities

A byproduct of the transition to cloud applications is the proliferation of separate user stores; each cloud application typically is rolled out independently and therefore has its own unique database of user credentials (see Figure 2). This is a minor nuisance with only one or two applications, but as companies adopt more and more cloud applications, administrators are faced with an unmanageable number of different user directories. And this problem is only getting bigger. Users’ passwords proliferate with each new application, and administrators quickly lose control over who has access to what. Worse still, when an employee leaves, most companies cannot easily and accurately identify which accounts to deactivate, nor do they have any auditing capabilities to ensure the necessary deprovisioning occurs in a timely manner.


Figure 2: Adoption of cloud applications leads to proliferation of user stores

One solution to the problem of independent user store proliferation is to attempt to integrate all cloud applications to a single, shared identity store (see Figure 3). Active Directory is by far the most convenient option for this, as it can provide identity management for both on-premises and cloud-based applications. Some cloud application vendors provide APIs or toolkits that allow enterprises to try to connect the application’s standalone identity stores to Active Directory. However, integration via APIs requires custom development, and each of the toolkits is different and can often require significant investment in setup, equipment (hardware to run the connector software), and maintenance as the applications change over time. As the number of cloud applications increases, this model of per-app AD integrations becomes prohibitively expensive. There is always the next new application that the business needs to run.

Active Directory and Cloud Applications with Okta

Figure 3: Integrating AD with multiple cloud applications is costly and difficult to maintain


Okta’s cloud-based identity and access management service solves these problems with a single integration point that provides a highly available solution for all cloud and web-based application AD integrations.

Okta eliminates the pitfalls that come with trying to build and manage multiple on-premises AD integrations yourself:

Pitfall of DIY AD integrations | Okta approach

Do you have the correct skill set to develop these integrations? | With Okta, integrations do not require programming or development experience and can be accomplished in minutes through our easy-to-use interface.

How will you upgrade and maintain integrations? | Okta works with ISVs and monitors changes and upgrades to existing APIs to take advantage of the latest functionality; we release updates weekly to reflect changes.

How do you monitor the health of the integration? | Okta continuously monitors and tests existing integrations to ensure that the integration functions as expected after upgrades and releases.

Which protocol will you use to connect to each cloud application? | Okta eliminates the need to know SAML, OAuth, SCIM, and numerous other integration protocols, because Okta manages these integrations for you.

What happens when the server running your home-grown, toolkit-based integration fails? | Okta automatically enables failover recovery with a redundant-agent architecture.

How will you integrate your cloud app with a multiple domain AD configuration? | Okta has built-in support for multiple AD domain environments.

What firewall changes are needed for each cloud app-to-AD integration? | With Okta, there are no firewall changes needed to support AD integration.

Can your users reset their AD password easily? | Okta includes a self service password reset option that saves users and IT admins time and money.

Once in place, Okta provides an infrastructure that allows companies to freely pursue new cloud applications while still leveraging Active Directory for their employee user identities. This allows users to access any cloud app using their existing AD credentials; it enables IT admins to control access to those applications from a single control panel; and it combines AD security groups with individual user assignments.


Okta Active Directory Integration for All Your Cloud Apps

Okta offers a complete and easy-to-use Active Directory integration solution for cloud and on-premises web applications. The Okta on-demand Identity and Access Management service provides user authentication, user provisioning and de-provisioning, and detailed analytics and reporting of application usage, for both cloud applications and on-premises web applications. A key component of this service is Okta’s AD integration capability, which is very easy to set up and is architected for high availability. In addition, Okta maintains the integrations for you, with thousands of applications supported in Okta’s Application Network.

For AD integration, Okta provides two lightweight and secure on-premises components:

• Okta Active Directory Agent: A lightweight agent that can be installed on any Windows Server and is used to connect to on-premises Active Directory for user provisioning, de-provisioning, and authentication requests.

• Okta Integrated Windows Authentication (IWA) Web Application: A lightweight web application that is installed on an Internet Information Services (IIS) server and is used to authenticate domain users via Integrated Windows Authentication.

The Okta AD Agent and the Okta IWA Web App combine with the Okta cloud service itself to form a highly available, easy to set up and maintain architecture that supports multiple use cases. This paper provides additional details about this flexible architecture.

Figure 4: Okta for Active Directory architecture: one integration for all web applications


Okta’s AD Integration offers the following:

• Simple and Secure Setup and Configuration

• Intelligent User Synchronization

• Just-in-Time User Provisioning

• Robust Delegated Authentication

• Integrated Desktop Single Sign-On (SSO)

• Self Service Password Reset Support

• AD Security Group-driven Provisioning

• Automated One-Click De-provisioning

• Single Sign-On for AD Authenticated Apps

Simple and Secure Setup and Configuration

With Okta, enabling AD integration is a simple wizard-driven process. With one click from the Okta administrative console, you can download the Okta Active Directory agent and install it on any Windows Server that has access to your Domain Controller. The Okta AD Agent runs on a separate server from your domain controller.

Figure 5: The Active Directory installation process


During installation, you simply enter your Okta URL and AD Administrator credentials and the Okta AD Agent creates a low-privileged, read-only integration account and then securely establishes a connection with your Okta instance—no network or firewall configuration required.

The Okta AD Agent connects to Okta’s cloud service using an outbound port 443 SSL connection. This connection is cycled every 30 seconds to ensure compatibility with any existing firewalls or other security devices. As a rule of thumb, if a user can log in to the host machine using AD credentials and can access the Internet from a browser, the Okta AD Agent will work successfully and will require no firewall changes.

Figure 6: Okta AD Agent connection is SSL encrypted over Port 443. No firewall changes needed.

Communication with the Okta AD Agent is secured using SSL and mutual authentication, specifically:

• Okta AD Agent to Okta Service: The Agent authenticates the service by validating the Okta server SSL cert for mycompany.okta.com. The service authenticates the Agent using a security token given to the Agent on registration. The registration process requires Okta administrator credentials before generating the security token. The security token is specific to each Agent and can be revoked at any time.

• Okta AD Agent to Domain Controller: The Agent authenticates with the Domain Controller using the low-privileged, read-only integration account that was created during the agent install process.


Intelligent User Synchronization

Once the Okta AD Agent is installed and the initial user import takes place, Okta intelligently processes the results of the user import. Matching algorithms are applied to analyze the incoming AD users and to determine if there is a match to existing Okta users or to accounts that you have imported from other cloud systems (e.g., Google Apps). Future user imports can be set to a schedule or performed on demand.

Figure 7: The Active Directory import process

Adding a User

When a user is added to Active Directory, the new object is detected by the Okta AD Agent and automatically added to the Okta service. Only necessary fields are transmitted, including name, UPN, SAMAccountName, email address, and security group membership.

The Okta AD Agent never sends passwords to Okta’s cloud service. Existing accounts in managed apps such as Salesforce.com or WebEx can be imported and automatically matched against Active Directory users based on explicit rules or heuristic matching.


Just-in-Time User Provisioning

As noted above, user provisioning is very simple when Okta’s AD integration is in place: any new users added to AD are automatically provisioned to Okta and to their designated cloud and web-based applications.

However, Okta has an additional option to provision users even faster: just-in-time provisioning. With just-in-time provisioning, IT admins can allow new users to be automatically created in Okta provided they already exist in Active Directory. In this way, valid AD users can provision themselves automatically into Okta (and to the appropriate cloud applications as a result).

The process for just-in-time provisioning is:

1. A user who previously was not provisioned in the Okta service attempts to log in to mycompany.okta.com.

2. Okta and the Okta AD Agent check the user credentials against Active Directory.

3. If the user is active in AD, a new user account is automatically created in Okta. The new user account leverages their existing AD credentials.

4. Depending on their AD security group attributes, the user is automatically provisioned to downstream cloud and web applications via the Okta service.

Just-in-time provisioning allows IT admins to increase user adoption of both the Okta service and of all assigned cloud applications, while leveraging the AD credentials that their users already know.

Simple-to-Use Delegated Authentication

Okta’s AD integration support also allows you to delegate the authentication of users into Okta to your on-premises AD Domain instead. That is, user login attempts to mycompany.okta.com will be checked against Active Directory for authentication. Users can then easily log in to Okta using their Okta username and Active Directory password.

More specifically, the process is:

1. The user types his username and password into the Okta user home page. This login page is protected with SSL and a security image to prevent phishing; multi-factor authentication (extra security question or smartphone soft token) can be enabled as well.

2. The username and password are transmitted to an Okta AD Agent running behind the firewall over the SSL connection that had been previously established during setup.


3. The Okta AD Agent passes those credentials to the AD Domain Controller for authentication.

4. The AD Domain Controller responds with a yes/no answer, validating the username and password.

5. The yes/no response is transmitted back to the Okta service by the Okta AD Agent. If yes, the user is authenticated and sent to his Okta My Applications user home page.

Figure 8: Delegated authentication to Active Directory

The user experience for Delegated Authentication to AD is simple:

1. Log in to Okta home page; launch app

2. Okta looks to AD to authenticate users

3. If valid, Okta SSOs into cloud apps

Because this feature governs user access into Okta, the architecture supports multiple Okta AD Agents running in your environment to provide redundancy. If one of the Okta AD Agents stops running or loses network connectivity, the authentication requests are automatically routed to the other Okta AD Agents.

With this authentication mechanism, the user’s password is never stored in the Okta service and Active Directory is maintained as the immediate and ultimate source for credential validation. Because AD is always relied upon for user authentication, changes to the user’s status (such as password changes or deactivations) are reflected immediately in the Okta service.
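The just-in-time provisioning and delegated authentication flows described above can be checked against a small simulation. The following Python is an added example, not Okta's code: FakeDirectory stands in for the AD domain controller, Agent for the Okta AD Agent and IdentityService for the Okta service. The class names, the PBKDF2 credential store inside the stand-in directory and the constructed user are assumptions made for the example; what follows the paper is the contract that only a yes/no answer and the listed profile fields (name, UPN, sAMAccountName, email, group membership) ever leave the agent, that a JIT account is created only for a user who is active in AD, and that a deactivation in AD takes effect on the very next login.

```python
"""Delegated authentication with just-in-time provisioning, simulated end
to end. Added illustration, not Okta's code: FakeDirectory stands in for
the AD domain controller, Agent for the Okta AD Agent and IdentityService
for the Okta service. Class names, the PBKDF2 credential store inside
FakeDirectory and the constructed user are assumptions; the yes/no contract
and the forwarded fields follow the paper."""
import hashlib
import hmac
import secrets

ITERATIONS = 50_000  # PBKDF2 work factor for the stand-in credential store


class FakeDirectory:
    """Stand-in domain controller: owns the credentials, answers yes/no."""

    def __init__(self):
        self._users = {}

    def add_user(self, upn, sam, name, email, groups, password, active=True):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        self._users[upn] = {"upn": upn, "sam": sam, "name": name, "email": email,
                            "groups": set(groups), "active": active,
                            "salt": salt, "digest": digest}

    def set_active(self, upn, active):
        self._users[upn]["active"] = active

    def validate(self, upn, password):
        """Unknown or disabled accounts get 'no'; otherwise constant-time compare."""
        user = self._users.get(upn)
        if user is None or not user["active"]:
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                        user["salt"], ITERATIONS)
        return hmac.compare_digest(candidate, user["digest"])

    def profile(self, upn):
        """Only the attributes the agent forwards; no credential material."""
        u = self._users[upn]
        return {"name": u["name"], "upn": u["upn"], "sam": u["sam"],
                "email": u["email"], "groups": sorted(u["groups"])}


class Agent:
    """Stand-in Okta AD Agent: relays the check, returns only the answer."""

    def __init__(self, directory):
        self._dir = directory

    def check_credentials(self, upn, password):
        return self._dir.validate(upn, password)

    def fetch_profile(self, upn):
        return self._dir.profile(upn)


class IdentityService:
    """Stand-in Okta service: delegated authentication plus optional JIT."""

    def __init__(self, agent, jit_enabled=True):
        self._agent = agent
        self.jit_enabled = jit_enabled
        self.users = {}  # upn -> profile; never holds a password

    def login(self, upn, password):
        # Steps 2-5: credentials go to the agent, only yes/no comes back.
        if not self._agent.check_credentials(upn, password):
            return "denied"
        if upn not in self.users:
            if not self.jit_enabled:
                return "denied"  # valid in AD but not provisioned here
            self.users[upn] = self._agent.fetch_profile(upn)  # JIT create
            return "jit_provisioned"
        return "authenticated"

    def credential_like_fields(self):
        """Audit check: attribute names in the user store that look like secrets."""
        return sorted({k for u in self.users.values() for k in u
                       if "pass" in k.lower() or k in ("salt", "digest")})


def demo():
    """Constructed scenario: wrong password, first login (JIT), repeat login,
    then the account is disabled in AD and the next login is refused."""
    ad = FakeDirectory()
    ad.add_user("alice@corp.example", "alice", "Alice Example",
                "alice@corp.example", ["Sales"], "correct horse battery")
    svc = IdentityService(Agent(ad))
    outcomes = [svc.login("alice@corp.example", "wrong guess"),
                svc.login("alice@corp.example", "correct horse battery"),
                svc.login("alice@corp.example", "correct horse battery")]
    ad.set_active("alice@corp.example", False)  # deactivation in AD
    outcomes.append(svc.login("alice@corp.example", "correct horse battery"))
    return (outcomes, svc.users["alice@corp.example"]["groups"],
            svc.credential_like_fields())


if __name__ == "__main__":
    print(demo())
```

Running `demo()` yields `["denied", "jit_provisioned", "authenticated", "denied"]`, the JIT-created profile carrying only the `Sales` group, and an empty list of credential-like fields in the service's user store, which is the property a reviewer of such an integration would want to confirm.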


Desktop Single Sign-On

Okta supports Desktop Single Sign-On, extending local users’ Windows domain login procedures to grant access to Okta and to their cloud applications. Okta’s AD integration uses Microsoft’s Integrated Windows Authentication to seamlessly authenticate users to Okta that are already authenticated via their Windows domain login. You simply download and install Okta’s IWA web application, configure the relevant IP ranges, and the setup is complete.

Figure 9: Desktop SSO with Okta IWA web application

The behind-the-scenes steps that enable seamless login to the Okta service via Desktop Single Sign-On (shown in Figure 9) are:

1. User navigates to https://mycompany.okta.com.

2. The user is redirected to the locally installed IWA web application.

3. The IWA web application transparently authenticates the user via Integrated Windows Authentication (Kerberos).

4. The user is redirected back to the Okta login page with cryptographically signed assertions containing his AD user identity.

5. The Okta service validates the signed assertions and sends the user directly to his Okta home page.

Note that all of the above steps are transparent to the user. The user experience is simple: navigate to https://mycompany.okta.com and then land immediately on the user home page containing links to all of his assigned applications. Alternatively, a user can simply click a link corresponding to a particular application and then be automatically signed in to that application. The authentication to AD behind the scenes is transparent to the user.

Lastly, remote users or users out of the office continue to find and SSO into all of their cloud applications by simply visiting the Okta user home page.
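Two of the Desktop SSO steps above are worth seeing as code: the IP-range decision that sends an on-network browser to the IWA web application (step 2) while a remote user falls through to the normal login page, and the validation of the signed assertion that carries the AD identity back to the service (step 5). The Python below is an added example and not Okta's code; Kerberos itself is not simulated. The paper says only that the assertions are cryptographically signed, so the HMAC-SHA256 scheme, the shared key, the 60-second expiry window, the corporate IP ranges and the constructed users are all assumptions made for the example.

```python
"""Desktop SSO routing and assertion validation, simulated. Added
illustration, not Okta's code. should_redirect_to_iwa() is the IP-range
gate (step 2); issue_assertion() stands in for the IWA web application
(step 4) and validate_assertion() for the service (step 5). The HMAC
scheme, key, expiry window, ranges and users are assumptions."""
import base64
import hashlib
import hmac
import ipaddress
import json
import time

# Constructed corporate ranges an admin would configure for Desktop SSO.
CORPORATE_RANGES = [ipaddress.ip_network("10.20.0.0/16"),
                    ipaddress.ip_network("192.0.2.0/24")]

# Constructed key shared by the IWA app and the service (assumption).
SHARED_KEY = b"constructed-shared-key-for-the-example"


def should_redirect_to_iwa(client_ip, ranges=CORPORATE_RANGES):
    """Step 2: only on-network clients are routed to the IWA app; remote
    users fall back to the regular Okta login page."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in ranges)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(key: bytes, upn: str, issued_at=None, ttl=60):
    """Step 4 (IWA stand-in): sign the identity that Kerberos established,
    with a short validity window so a captured assertion soon goes stale."""
    now = int(issued_at if issued_at is not None else time.time())
    body = json.dumps({"upn": upn, "iat": now, "exp": now + ttl},
                      separators=(",", ":"), sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)


def validate_assertion(key: bytes, assertion: str, now=None):
    """Step 5 (service stand-in): returns the UPN, or None when the token is
    malformed, the signature does not verify, or the window has passed."""
    try:
        body_part, sig_part = assertion.split(".")
        body, sig = _unb64(body_part), _unb64(sig_part)
    except ValueError:  # wrong part count or bad base64 (binascii.Error)
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(body)
    now = int(now if now is not None else time.time())
    if now >= claims["exp"]:
        return None
    return claims["upn"]


def demo():
    """Constructed walk-through of the checks above with fixed timestamps."""
    issued = 1_700_000_000
    good = issue_assertion(SHARED_KEY, "alice@corp.example", issued_at=issued)
    sig_part = good.split(".")[1]
    # Tampered assertion: identity changed, original signature kept; must fail.
    other_body = json.dumps({"upn": "admin@corp.example", "iat": issued,
                             "exp": issued + 60}, separators=(",", ":"),
                            sort_keys=True).encode()
    tampered = _b64(other_body) + "." + sig_part
    return {
        "on_network": should_redirect_to_iwa("10.20.5.7"),
        "off_network": should_redirect_to_iwa("203.0.113.9"),
        "valid": validate_assertion(SHARED_KEY, good, now=issued + 10),
        "expired": validate_assertion(SHARED_KEY, good, now=issued + 60),
        "wrong_key": validate_assertion(b"not-the-key", good, now=issued + 10),
        "tampered": validate_assertion(SHARED_KEY, tampered, now=issued + 10),
        "garbage": validate_assertion(SHARED_KEY, "not-a-token", now=issued + 10),
    }


if __name__ == "__main__":
    print(demo())
```

Only the `valid` case returns an identity; the expired, wrong-key, tampered and malformed cases all return `None`, and the remote address is not redirected to the IWA application at all. Keeping the IP-range list tight matters in practice: a client that is not on the corporate network has no Kerberos ticket to present and gains nothing from the redirect.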


Self Service Password Reset Support

Your users can also change their Active Directory password via Okta. When a user’s AD password expires or is reset they will automatically be prompted to change it the next time they log in to Okta. Users can also proactively change their AD password directly from the account tab on their Okta home page, and Okta keeps all of these credentials synchronized with AD.

Security Group–Driven Provisioning

Okta’s service has a group feature that can be used to drive bulk application provisioning and assignments to Okta users according to what groups they are members of. Okta allows you to map Active Directory’s security groups to native Okta groups and, as a result, to automatically provision applications to users based on their membership within AD security groups.

When you add a user to AD, you can place him in a security group, and during automatic synchronization with Okta, that user will be added, and accounts in the applications mapped to that security group will be automatically provisioned on their behalf. Application-specific parameters such as role, profile, and user information are automatically set based on rules defined within the Okta service as well. For example, a rule can be defined within Okta that ensures that all members of the AD security group “Sales” are provisioned an account in Salesforce.com and given access to it.

The result is that when a user is added to Active Directory, all of the tasks required to give him access to his cloud and web-based applications are handled automatically. This greatly reduces the provisioning time for new employees, and allows IT admins to continue to use AD as their starting point for user access.

When a user’s Security Group membership changes, the change is detected by the Okta AD Agent and is relayed to the Okta Service. When this happens, the assignment rules are recomputed. These rules trigger applications to be newly assigned, existing application assignments to be removed, or user properties to be updated on the downstream applications.

New and updated application assignments work exactly the same. All of the steps to provision the account, set up SSO, and update the user’s My Applications home page are handled automatically. Deletions are handled similarly. If a user’s access to an app is removed, he is immediately locked out from using SSO to access that application. The application account is then deactivated by the Okta service, or if that cannot be done automatically, an administrative task is created that must be cleared once the account has been deactivated manually. All of these actions can execute automatically or after confirmation by an Okta administrator.
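The rule recomputation described in this section, and the deprovisioning workflow covered under One-Click Deprovisioning, amount to a diff between the entitlements a user held before a group change and the ones the rules grant afterwards. The Python below is an added example and not Okta's code: it maps AD security groups to applications and app-specific parameters, diffs the two entitlement sets, and emits provision, update, SSO-revocation and deactivation actions, falling back to an administrative task where an application cannot be deactivated automatically. The rule contents, application names, the AUTO_DEACTIVATE capability flags, the "later group wins" ordering and the constructed user are assumptions made for the example.

```python
"""Security-group-driven assignment recomputation, simulated. Added
illustration, not Okta's code: RULES maps AD security groups to the
applications (and app-specific parameters) their members receive;
recompute() diffs a user's entitlements before and after a membership
change and emits the provision / update / revoke actions the paper
describes, creating an administrative task where an application cannot
be deactivated automatically. Rules, app names, the AUTO_DEACTIVATE flags
and the constructed user are assumptions."""

# Constructed rules: AD security group -> {app: parameters set on the account}
RULES = {
    "Sales": {"salesforce": {"role": "sales-rep"},
              "webex": {"profile": "standard"}},
    "SalesMgmt": {"salesforce": {"role": "sales-manager"}},
    "Engineering": {"github-enterprise": {"team": "eng"}},
}

# Constructed capability flags: can the service deactivate the account itself?
AUTO_DEACTIVATE = {"salesforce": True, "webex": True, "github-enterprise": False}


def compute_assignments(groups, rules=RULES):
    """Apps and parameters a user should hold given their AD groups. Groups
    are applied in sorted order so a later group's parameters override an
    earlier group's for the same app (an assumption that keeps the result
    deterministic whatever order the directory reports memberships in)."""
    wanted = {}
    for group in sorted(groups):
        for app, params in rules.get(group, {}).items():
            wanted.setdefault(app, {}).update(params)
    return wanted


def recompute(user, old_groups, new_groups, auto_deactivate=AUTO_DEACTIVATE):
    """Turn a membership change into an ordered list of downstream actions;
    the list doubles as the audit trail for the change."""
    before = compute_assignments(old_groups)
    after = compute_assignments(new_groups)
    actions = []
    for app in sorted(set(before) | set(after)):
        if app not in before:
            actions.append(("provision", app, after[app]))
        elif app not in after:
            actions.append(("revoke_sso", app))  # immediate SSO lockout
            if auto_deactivate.get(app, False):
                actions.append(("deactivate", app))
            else:
                actions.append(("admin_task", app,
                                f"deactivate {user} in {app} manually"))
        elif before[app] != after[app]:
            actions.append(("update", app, after[app]))
    return actions


def deprovision(user, groups):
    """Deactivation in AD: every assignment is removed in one pass."""
    return recompute(user, groups, set())


def demo():
    """Constructed lifecycle: hire, promotion, transfer, departure."""
    user = "alice@corp.example"
    return [
        recompute(user, set(), {"Sales"}),
        recompute(user, {"Sales"}, {"Sales", "SalesMgmt"}),
        recompute(user, {"Sales", "SalesMgmt"}, {"Engineering"}),
        deprovision(user, {"Engineering"}),
    ]


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The departure step shows the case the text singles out: the SSO assignment is revoked immediately, and because the constructed `github-enterprise` entry cannot be deactivated automatically, an `admin_task` is emitted instead of a `deactivate` action, which is the item an administrator must clear once the account has been handled by hand.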


Figure 10: Okta enables SSO for AD authenticated internal web applications

Single Sign-On for AD Authenticated Apps

Most enterprises have on-premises web applications that can easily be integrated into Okta’s SSO solution. Many companies also have web applications that use Active Directory credentials for authentication. These applications are not using Integrated Windows Authentication, but instead require the user to enter their AD credentials when they sign in. When Okta is configured to delegate authentication to Active Directory, signing in to these internal web applications can also be automated.

The behind-the-scenes steps that enable SSO for AD authenticated internal web applications (shown in Figure 10) are:

1. Okta is configured to delegate authentication to AD.

2. Customer has on-premises apps authenticating to AD.

3. User logs in to Okta with AD credentials.

4. User accesses App 1 and App 2 with SWA using AD credentials.

5. App 1 and App 2 authenticate user against AD.

Okta can leverage its Secure Web Authentication protocol to automatically log users into these internal web applications. When an internal web application is configured to delegate authentication to AD (the same source to which Okta delegates authentication), Okta captures the user’s AD password at login and automatically sets that password for that user in any applications that also delegate to AD. This allows users to simply click a link to access these applications, and then be logged in automatically. Note that Okta synchronizes the AD password securely; if the password subsequently changes in AD, this event is captured on login to Okta and immediately updated in the secure password store for that application, ensuring that the next login attempt will be successful.

One-Click Deprovisioning

User deactivation is typically triggered from a standard corporate identity store such as Active Directory. With Okta’s centralized deprovisioning, deactivating a user in AD immediately initiates a deprovisioning workflow to ensure maximum effectiveness in preventing unauthorized access to Okta and other cloud applications. The workflow generates a notification to administrators and guides IT to complete any necessary manual deprovisioning tasks associated with a particular user or application. Further, this workflow also serves as an audit trail; within Okta the entire audit trail is captured for reporting and audit purposes so that you can easily generate historical deprovisioning reports by user or by application.

Conclusion—Extend Active Directory to the Cloud with Okta

Companies continue to shift their focus from legacy on-premises applications to newer cloud-based services. The newer cloud services offer enormous benefits, both in expanded capabilities and in lower overall cost. The question today is not if you can make this transition, but rather how fast can you do it. One of the biggest obstacles in this path is managing user identities in a way that is consistent with users’ and administrators’ experience and expectations. Linking Active Directory to cloud services solves this problem, and Okta’s cloud-based identity management solution makes it possible. Okta provides a flexible, highly redundant, and scalable solution for managing cloud identities, and it does so in a service that is easy to set up and is virtually maintenance-free. Let Okta extend your Active Directory usage to all of your cloud applications—both the apps you use today and the ones you’ll need in the future.

Okta Active Directory Agent Details

The Okta AD Agent is designed to scale easily and transparently. For redundancy a cluster can be created by installing Okta AD Agents on multiple Windows Servers; the Okta service registers each Okta AD Agent and then distributes authentication and user management commands across them automatically. If any agent loses connectivity or fails to respond to commands, it is removed from rotation and the administrator is notified via email. In parallel, the Okta AD Agent will attempt to reconnect to the service using an exponential back-off capped at 1-minute intervals.
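The agent cluster behaviour described in this section, together with the per-agent, revocable registration token described under Simple and Secure Setup and Configuration and the failover between agents described under Simple-to-Use Delegated Authentication, can be modelled in a few dozen lines. The Python below is an added example and not Okta's code: registration requires an administrator to have authenticated before a token is issued, each agent authenticates with its own token, commands are spread round-robin across agents in rotation, an unresponsive agent is dropped from rotation with a notification record, and the reconnect schedule doubles until it reaches the 1-minute cap the text states. Class and method names, the token format, the one-second base delay and the round-robin policy are assumptions made for the example.

```python
"""Agent registration, per-agent revocable tokens, redundant dispatch and
capped exponential back-off, simulated. Added illustration, not Okta's
code. Class and method names, the token format, the base delay and the
round-robin policy are assumptions; the 1-minute cap, the token-per-agent
model and the removal-from-rotation rule follow the paper."""
import secrets


def backoff_schedule(attempts, base=1.0, cap=60.0):
    """Reconnect delays in seconds: 1, 2, 4, ... doubling up to the cap."""
    return [min(cap, base * 2 ** i) for i in range(attempts)]


class AgentCluster:
    """Stand-in for the service side of agent management."""

    def __init__(self):
        self._tokens = {}     # agent_id -> registration token
        self._rotation = []   # agent_ids currently receiving commands
        self._next = 0
        self.notifications = []  # constructed stand-in for admin e-mail

    def register(self, agent_id, admin_authenticated):
        """A token is issued only after an administrator has authenticated."""
        if not admin_authenticated:
            raise PermissionError("registration requires Okta admin credentials")
        token = secrets.token_urlsafe(32)
        self._tokens[agent_id] = token
        if agent_id not in self._rotation:
            self._rotation.append(agent_id)
        return token

    def authenticate(self, agent_id, token):
        """Each agent presents its own token; a revoked token never verifies."""
        stored = self._tokens.get(agent_id)
        return stored is not None and secrets.compare_digest(stored, token)

    def revoke(self, agent_id):
        self._tokens.pop(agent_id, None)
        if agent_id in self._rotation:
            self._rotation.remove(agent_id)

    def dispatch(self, command):
        """Round-robin over agents in rotation; None when none are available."""
        if not self._rotation:
            return None
        agent = self._rotation[self._next % len(self._rotation)]
        self._next += 1
        return agent

    def mark_unresponsive(self, agent_id):
        """Drop an agent that stopped answering and record the notification."""
        if agent_id in self._rotation:
            self._rotation.remove(agent_id)
            self.notifications.append(f"agent {agent_id} removed from rotation")

    def in_rotation(self):
        return list(self._rotation)


def demo():
    """Constructed scenario with two agents, one failure and one revocation."""
    cluster = AgentCluster()
    t1 = cluster.register("agent-1", admin_authenticated=True)
    t2 = cluster.register("agent-2", admin_authenticated=True)
    spread = [cluster.dispatch("authenticate") for _ in range(3)]
    cluster.mark_unresponsive("agent-1")
    after_failure = cluster.dispatch("authenticate")
    cluster.revoke("agent-2")
    return {
        "spread": spread,
        "after_failure": after_failure,
        "notifications": cluster.notifications,
        "revoked_token_accepted": cluster.authenticate("agent-2", t2),
        "cross_token_accepted": cluster.authenticate("agent-1", t2),
        "own_token_accepted_before_revoke": t1 != t2,
        "idle": cluster.dispatch("authenticate"),
        "reconnect_delays": backoff_schedule(8),
    }


if __name__ == "__main__":
    print(demo())
```

With two registered agents the first three commands go to `agent-1`, `agent-2`, `agent-1`; after `agent-1` is marked unresponsive the next command goes to `agent-2` alone and a notification is recorded; once `agent-2` is revoked its token no longer authenticates and `dispatch()` returns `None`. The schedule `[1, 2, 4, 8, 16, 32, 60, 60]` shows the back-off levelling off at the 1-minute cap.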


About Okta

Okta is an enterprise-grade identity management service, built from the ground up in the cloud and delivered with an unwavering focus on customer success. The Okta service provides directory services, single sign-on, strong authentication, provisioning, workflow, and built-in reporting.

Enterprises everywhere are using Okta to manage access across any application, person or device to increase security, make people more productive, and maintain compliance. The hundreds of enterprises, thousands of cloud application vendors and millions of people using Okta today also form the foundation for the industry’s fastest growing, vendor neutral Enterprise Identity Network.

The Okta team has built and deployed many of the world’s leading on-demand and enterprise software solutions from companies including Salesforce.com, PeopleSoft, Microsoft, BMC, Arcsight, Sun, and HP. Okta is backed by premiere venture investors Andreessen Horowitz, Greylock Partners, Khosla Ventures and Sequoia Capital.

For more information, visit us at www.okta.com or follow us on www.okta.com/blog.

System Requirements for Okta AD Agent

The following are minimum system requirements to support the Okta AD Agent:

• Windows Server 2003 R2 or later

• 20 MB of memory for service

• AD Service Account created upon Okta AD Agent installation

Here are suggested system requirements:

• 256 MB of memory for service

• Dedicated AD Service Account with Domain Users permissions

• Separate server from Domain Controller (can be shared)

Okta IWA Web Application Details

Okta IWA is a lightweight IIS web app that enables desktop SSO with the Okta service. The Okta IWA web application installs on Windows Server 2008 in Web Server Role. The installer configures IIS and all Windows components.

System Requirements for Okta IWA Web Application

The following are system requirements necessary to support the Okta IWA web application:

• Windows Server 2008 in Web Server Role

• 50 MB of memory