Integrating Windows Apps w/IWA


#1

We have a Windows application that needs to authenticate with Okta/IWA. The current code is implemented as an Excel plugin against an on-prem PingFederate SAML infrastructure. The existing script emulates a web browser to ultimately get a SAML session initiated and a session token for the Service Provider. Once the login is successful, the Excel plugin provides a user control for pulling data from the SP’s API into the spreadsheet.

So far we’ve not been successful at refactoring the code to work with Okta. Is there a prescribed method for integrating Windows applications (ideally as an Excel plugin) with Okta’s IWA architecture? SDKs or APIs that might be useful in this instance?


#2

The Okta IWA solution just redirects a browser via standard HTTP redirects to an on-prem IIS website which requires Windows authentication. The browser negotiates NTLM/Kerberos and is redirected back to Okta to bootstrap a session and complete the SSO flow. I don’t know how Excel hosts the web view, but you may be running into IE Zone Security issues (e.g. hostname vs FQDN) that are blocking Windows authentication with the local IIS website, or your browser is not running on an IP address that is mapped in Okta as a valid network zone for IWA authentication.
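
The stall described in the reply above, as an added example that is not part of the original thread: a Python check over a recorded redirect chain (for instance from a debugging proxy) that reports where the Windows authentication challenge goes unanswered. Host names, paths, the finding labels and the `intranet_sites` parameter are constructed for illustration; the rule encoded is the default Internet Explorer zone behaviour, where dotless host names fall in the Local Intranet zone and FQDNs do not unless explicitly mapped.

```python
from urllib.parse import urlsplit

WINDOWS_SCHEMES = {"negotiate", "ntlm"}


def auth_schemes(headers):
    """Schemes offered in WWW-Authenticate headers, lower-cased."""
    return [value.split()[0].lower() for name, value in headers
            if name.lower() == "www-authenticate" and value.split()]


def diagnose(chain, intranet_sites=()):
    """Report each host whose final response in the chain is an unanswered 401.

    chain: ordered (url, status, headers) tuples as recorded by a proxy.
    intranet_sites: hosts explicitly mapped to the Local Intranet zone.
    """
    mapped = {site.lower() for site in intranet_sites}
    findings = []
    for i, (url, status, headers) in enumerate(chain):
        if status != 401:
            continue
        # A repeat request to the same URL means the client answered the
        # challenge (NTLM needs two round trips), so this 401 is not a stall.
        if i + 1 < len(chain) and chain[i + 1][0] == url:
            continue
        host = (urlsplit(url).hostname or "").lower()
        if not WINDOWS_SCHEMES & set(auth_schemes(headers)):
            findings.append((host, "no-windows-auth-offered"))
        elif "." in host and host not in mapped:
            # Default IE zone rule: FQDNs are not Local Intranet, so no automatic logon.
            findings.append((host, "fqdn-not-in-intranet-zone"))
        else:
            findings.append((host, "challenge-unanswered"))
    return findings


# Constructed sample chains; hosts and paths are placeholders.
CHALLENGE = [("WWW-Authenticate", "Negotiate"), ("WWW-Authenticate", "NTLM")]
STALLED = [
    ("https://tenant.example.com/login", 302, [("Location", "https://iwa.corp.example.com/sso")]),
    ("https://iwa.corp.example.com/sso", 401, CHALLENGE),
]
WORKING = [
    ("https://tenant.example.com/login", 302, [("Location", "http://iwahost/sso")]),
    ("http://iwahost/sso", 401, CHALLENGE),
    ("http://iwahost/sso", 302, [("Location", "https://tenant.example.com/callback")]),
    ("https://tenant.example.com/callback", 200, []),
]

if __name__ == "__main__":
    print(diagnose(STALLED), diagnose(WORKING))
```

A `challenge-unanswered` finding on a host that is already in the intranet zone points at the embedded web view itself not performing automatic logon, rather than at zone mapping.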


#3

Thanks for the reply. We know we can authenticate to IWA through a normal browser session from the workstations that are running the Excel plugin. I was thinking an Okta authentication API might be better suited for this application rather than scripting the behavior of a browser and doing right posts and gets.