Using OKTA as IDP with IWA Web Agent for Desktop SSO


Have a general question about the IWA Web Agent for Desktop SSO.

We host a couple of applications for a customer and would like to support SSO (from AD accounts on premise on the customer network). Customers access the apps from their corporate network after logging into their domain. The IWA Web Agent for Desktop SSO seems like a good option for SSO, as we need to be able to automatically log them into the app if they are logged into their computer with their AD credentials.

The IWA authentication flow diagram here describes the auth flow (diagram 1):

However each hosted app has differing support for SSO. One app can only use OAUTH2 (OpenID Connect) and the other can use SAML based tokens or WIA.

So in the diagram above, the last stage describes Okta completing the auth and returning back to the app with the SSO token.

My question is, can it be configured to return an auth token to a redirect URI, to then be used in the OAUTH2 authorisation code flow mechanism for app1, and be configured to return a SAML SSO token (or use WIA) for logging into app2?

Effectively, depending on whether accessing app1 or app2, we need Okta to be able to use different auth mechanisms and flows depending on the app being accessed.


Yes, IWA SSO will work with both SAML and OAuth/OIDC apps. IWA allows you to get a session token with Okta; then the specific protocol flow will occur to generate the corresponding auth token.
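The OAuth2 authorisation code leg for app1 that the question asks about, run after IWA has already established the Okta session as the answer describes, as an added example (not from the question or the answer, and not Okta's own code): it builds the `/v1/authorize` redirect with a `state` value and PKCE, checks the callback for a matching `state` before trusting the code, and prepares the back-channel `/v1/token` exchange. The issuer, client ID and redirect URI are placeholders; `/v1/authorize` and `/v1/token` are the standard Okta authorization-server endpoint paths.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholder Okta org and app registration values (assumptions, not from the post).
ISSUER = "https://example.okta.com/oauth2/default"
CLIENT_ID = "0oa-example-client-id"
REDIRECT_URI = "https://app1.example.com/callback"


def make_code_verifier() -> str:
    """Random PKCE code_verifier (RFC 7636): 43 URL-safe characters."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()


def code_challenge(verifier: str) -> str:
    """S256 code_challenge: base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def build_authorize_url(state: str, verifier: str, issuer: str = ISSUER,
                        client_id: str = CLIENT_ID, redirect_uri: str = REDIRECT_URI) -> str:
    """Front-channel redirect to Okta. With an IWA-backed Okta session already present,
    Okta answers this without prompting and redirects back with ?code=...&state=..."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid profile email",
        "state": state,                      # bound to the browser session, checked on return
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{issuer}/v1/authorize?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the authorization code; reject error responses and a missing or
    mismatched state (a mismatch indicates a forged or replayed callback)."""
    qs = parse_qs(urlparse(callback_url).query)
    if "error" in qs:
        raise ValueError(f"authorization server returned error: {qs['error'][0]}")
    state = qs.get("state", [None])[0]
    if state is None or not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    code = qs.get("code", [None])[0]
    if not code:
        raise ValueError("callback lacks authorization code")
    return code


def build_token_request(code: str, verifier: str, issuer: str = ISSUER,
                        client_id: str = CLIENT_ID, redirect_uri: str = REDIRECT_URI):
    """URL and form body for the back-channel POST to /v1/token. A confidential
    client also authenticates (e.g. client_secret) on this request; the verifier
    proves the same client that started the flow is finishing it."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "code_verifier": verifier,
    }
    return f"{issuer}/v1/token", body


if __name__ == "__main__":
    # Walk the flow with a constructed callback standing in for Okta's redirect.
    state, verifier = secrets.token_urlsafe(16), make_code_verifier()
    print("redirect browser to:", build_authorize_url(state, verifier))
    fake_callback = f"{REDIRECT_URI}?code=constructed-code&state={state}"
    code = parse_callback(fake_callback, state)
    url, body = build_token_request(code, verifier)
    print("POST", url, body)
```

The `state` and `code_verifier` must be kept server-side (or in a session cookie) between the redirect and the callback; the token response then yields the ID token and access token that app1 consumes, while app2 would instead go through the SAML (or WIA) path against the same Okta session.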