Add SharePoint application
Before you begin
Ensure that:
- Access Gateway is installed and configured. See Manage Access Gateway deployment.
- Access Gateway uses your Okta tenant as an Identity Provider (IdP). See Configure your Okta org as an Identity Provider.
- You have administrator rights on your Okta tenant and can create groups and assign applications.
- Window server configured with IIS application and Active Directory Services running as a Domain Controller and implementing Kerberos (IWA) SSO.
Note this is an example architecture. It would be unusual in large production environments to have an application server (IIS), also be a DC. - Access Gateway DNS must be served by the Windows DNS server.
- Confirm that the external app version is supported. Supported Kerberos app versions include:
- Microsoft IIS IWA: IIS 7 or later
- Microsoft OWA IWA: IIS 7 or later
Typical workflow
| Task | Description |
|---|---|
| Review and document existing architecture |
Review existing architecture, determine ports, configuration, zones, and whether Kerberos is enabled. |
|
Configure a SharePoint specific SPN and enable Kerberos as required. |
|
| Configure SharePoint as Kerberos | Configure SharePoint support for Kerberos. |
| Configure SharePoint as IIS IWA application | Run Microsoft SharePoint IWA wizard and configure SharePoint as an IIS IWA application. |
| Configure SharePoint to work with a reverse proxy | Configure SharePoint to work with Access Gateway as a reverse proxy. |
| Test | Test the SharePoint integration. |