Mike Trivette

Azure AD Direct Integration

Is there currently a way to directly connect Okta directory to our Azure AD implementation without having to spin up a separate VM that simply provides the AD Connector? We only have Azure AD, and are managing Windows 10 clients that directly connect to Azure AD without the need for an on-prem AD server.

We were hoping to directly connect our Azure AD with Okta without the extra server, but I haven't found any documentation anywhere that would allow that. Does anyone have any ideas?
Rico Jardinero

Hi Mike, I believe what you are asking is the same/similar to what we are looking for as well. We have On-Prem AD, and have the Azure AD Connect (just a shrink wrapped version of MIIS>ADFS) server already working. But the part we are stuck on is that OKTA must support "MEX" endpoint settings which are arcane to Microsoft (https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup). This is basically the same point you are looking for: "How To" join (Windows 10) devices via Azure AD though you are not using ADFS; you, like us, are using OKTA.

The note from OKTA Support is as follows:

"the integration that is in discussion cannot be implemented for the moment as Okta's /MEX endpoint does not hold the WS-Trust info needed for domain join devices. But we do have an open feature request, which is being tracked on REQ-12896. Although I do not have an ETA, I have added your company to the list of interested customers."

So, if this is the same/similar as I believe, please do log a new OKTA Support Case, link this forum topic, and info above, so they can add your "Org's" name to the REQ-12896. This will help us all.