> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Okta_KerberosSSO

> Agentless desktop SSO relationship from on-prem AD user account to Okta AD application

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Edge Schema

* Source: [User](/resources/nodes/user)
* Destination: [Okta\_Application](/opengraph/extensions/okta/nodes/okta_application)
* Traversable: ✅

## General Information

Hybrid traversable Okta\_KerberosSSO edges represent [agentless desktop SSO](https://help.okta.com/en-us/content/topics/directory/ad-dsso-about-workflow.htm) trust from an on-prem AD User account to an AD-backed [Okta\_Application](/opengraph/extensions/okta/nodes/okta_application).

```mermaid theme={null}
graph LR
    subgraph ad["Active Directory"]
        d1("Domain contoso.com")
        u1("User SPN:HTTP/contoso.kerberos.okta.com")
        u2("User jane.doe\@contoso.com")
        d1 -- "Contains" --> u1
        d1 -- "Contains" --> u2
    end
    subgraph okta["Okta"]
        app1("Okta_Application contoso.com")
        u3("Okta_User jane.doe\@contoso.com")
        app1 -. Okta_UserPull .-> u3
    end
    u1 -- Okta_KerberosSSO --> app1
    u2 -. Okta_UserSync .-> u3
```