Test the agentless Desktop Single Sign-on configuration

Although testing your agentless Desktop Single Sign-on configuration is optional, Okta recommends that you test the agentless DSSO changes before implementing widespread changes to your org.

  1. Create a service account and configure a Service Principal Name.
  2. Configure browsers for agentless Desktop Single Sign-on on Windows or Configure browsers for agentless Desktop Single Sign-on on Mac.
  3. Enable agentless Desktop Single Sign-on in test mode.
  4. Optional. Enable Kerberos event logging. See https://support.microsoft.com/en-us/help/262177/how-to-enable-kerberos-event-logging.
  5. Validate the agentless Desktop Single Sign-on configuration by signing in using the direct Agentless DSSO endpoint URL:

If agentless DSSO is configured correctly, you can sign in without being prompted for credentials. If you experience problems signing in, make sure you have completed all of the implementation procedures.