'I know SSO, but what is this so-called Desktop SSO? How does it make my life easier?'
21/07/19 – Author: Grace Maher – Certified Splunk Consultant
We are all used to a traditional SSO portal, a centralised location for us to all sign into and access our applications without the need to know what your password is, and an easy way of enforcing multi-factor authentication and security policies. Desktop SSO extends this functionality to your workstation and automatically authenticates you via Okta, whenever you sign-in to your windows network. So how does this benefit you? Well the biggest benefit to end users is the superior user experience with seamless integration into their desktop shortcuts for applications including O365, Salesforce, Workday and more. This often leads to improved productivity in end users and prevents credential sharing for applications that are accessed via a browser, resulting in less potential security incidents too.
Traditionally desktop SSO was often overlooked due to the requirement of deploying IWA agents or similar, leading to potential maintenance overheads and issues with kerberos validation requiring the deployment to be highly available. Okta has the incredible ability of providing Desktop SSO without the need for IWA agents, with Okta handling the Kerberos validation. Okta can also provide the traditional style of SSO deployment via IWA agents, if this should suit your environment more, providing you more flexibility for now and for the future.
So, how can we authenticate desktop users, without an agent in Okta? By using the integration between Okta and your Active Directory with the ability to create a Service Principal Name (SPN), we can send registry keys to the client machines which allows the CNAME alias’ to be resolved to the Okta org. This set-up is relatively simple to complete and can often be done within a 2-hour remote session with an engineer, or done yourselves with appropriate documentation.
Imagine being the “ninja” of authentication, without the need for huge amounts of administration or agents? If you are interested in hearing more about desktop SSO, or a demo of Okta, please do not hesitate to get in touch at firstname.lastname@example.org.