Provide Okta as an IdP for Azure AD to access applications authenticated through AAD
We want to integrate Okta as an IdP for Azure AD and would like to enable users from Okta to have federated access to applications that are managed in Azure Active Directory.
This will entail adding Okta as an Identity Provider (IdP) to enable access to, and authentication with, our applications hosted in Azure and managed by AAD. I have looked at the compatibility list, and Okta is supported as an IdP in Azure (https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-federation-compatibility#okta). However, I couldn't find any documentation on how to add it as an IdP.
I have a few questions regarding this: Can we use Okta and add it as an IdP in our Azure B2B AD? Will this be achieved by implementing SSO (single sign-on)? What is the preferred protocol to be used in this scenario for authentication: SAML, or OAuth and OpenID Connect?
Is there an alternative or easier way, such that users from Okta are able to sign in to an identity provided by Azure AD? Is MFA supported in Okta for the said users? It seems that if we go down the SAML route, we would have to change our AD to a custom domain, which we currently don't have (we are using the Microsoft default for our AD, "onmicrosoft.com").
I have skimmed over these links but couldn't find any straightforward answer:
Azure App Service only supports five IdPs out of the box, and Okta is not one of them. To configure Okta as the IdP for this particular scenario, you will need to configure the Template WS-Federation application in Okta and set up custom authentication for Azure.
Here are some helpful articles from Microsoft on the related topic (you may have already reviewed these, but just FYI):
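As an added example (not part of the question or the answer above), the "set up custom authentication for Azure" step is the conversion of a verified custom Azure AD domain from Managed to Federated, pointing Azure AD at the endpoints and signing certificate of the Okta WS-Fed template application. This is also why the question's observation about the custom domain holds: the default onmicrosoft.com domain cannot be federated. The script below uses the legacy MSOnline module; the domain name, the Okta URIs, the issuer URI and the certificate path are all placeholders (assumptions) to be replaced with values from your own tenant and from the Okta application's setup instructions.

```powershell
# Added example, not from the question or the answer above. Federates a verified
# custom Azure AD domain with Okta via the MSOnline module. Every value marked
# ASSUMPTION is a placeholder for your own tenant / Okta app settings.

Import-Module MSOnline
Connect-MsolService   # interactive sign-in as a Global Administrator

# ASSUMPTION: a custom domain already added to the tenant and verified.
# The default <tenant>.onmicrosoft.com domain cannot be converted to Federated.
$DomainName = 'contoso.com'

# ASSUMPTION: values copied from the Okta "Template WS-Fed" application. The
# issuer URI must match the Issuer in Okta's tokens exactly, or sign-in fails.
$OktaIssuerUri       = 'http://www.okta.com/exk0000000000000000'
$OktaPassiveLogOnUri = 'https://example.okta.com/app/template_wsfed/exk0000000000000000/sso/wsfed/passive'
$OktaActiveLogOnUri  = 'https://example.okta.com/app/template_wsfed/exk0000000000000000/sso/wsfed/active'
$OktaMexUri          = 'https://example.okta.com/app/template_wsfed/exk0000000000000000/sso/wsfed/mex'
$OktaLogOffUri       = 'https://example.okta.com/login/signout'
$OktaSigningCertPath = 'C:\federation\okta-signing.cer'   # DER or PEM export of Okta's signing cert

function Get-Base64Certificate {
    param([Parameter(Mandatory)][string]$Path)
    # Azure AD expects the raw DER certificate as a base64 string with no PEM
    # header/footer; X509Certificate2 accepts both DER and PEM files as input.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        Write-Warning "Okta signing certificate expires on $($cert.NotAfter); stage the next one with -NextSigningCertificate."
    }
    return [Convert]::ToBase64String($cert.GetRawCertData())
}

function Assert-DomainCanBeFederated {
    param([Parameter(Mandatory)][string]$DomainName)
    $domain = Get-MsolDomain -DomainName $DomainName -ErrorAction Stop
    if ($domain.Name -like '*.onmicrosoft.com') {
        throw "The default onmicrosoft.com domain cannot be federated; add and verify a custom domain first."
    }
    if ($domain.Status -ne 'Verified') {
        throw "Domain $DomainName is not verified (status: $($domain.Status))."
    }
    if ($domain.Authentication -eq 'Federated') {
        Write-Warning "$DomainName is already federated; the settings below overwrite the existing federation."
    }
}

Assert-DomainCanBeFederated -DomainName $DomainName
$signingCert = Get-Base64Certificate -Path $OktaSigningCertPath

# Convert the domain from Managed to Federated, pointing at Okta. WsFed is what
# the Okta template app speaks; a SAML-P federation would instead use
# -PreferredAuthenticationProtocol Samlp with Okta's SAML endpoints.
# -SupportsMfa tells Azure AD that the IdP performs MFA itself, so Azure AD does
# not prompt a second time (ASSUMPTION: Okta enforces MFA for these users).
Set-MsolDomainAuthentication `
    -DomainName $DomainName `
    -Authentication Federated `
    -FederationBrandName 'Okta' `
    -IssuerUri $OktaIssuerUri `
    -PassiveLogOnUri $OktaPassiveLogOnUri `
    -ActiveLogOnUri $OktaActiveLogOnUri `
    -MetadataExchangeUri $OktaMexUri `
    -LogOffUri $OktaLogOffUri `
    -SigningCertificate $signingCert `
    -PreferredAuthenticationProtocol WsFed `
    -SupportsMfa $true

# Read back what Azure AD recorded before testing with a single pilot user.
Get-MsolDomainFederationSettings -DomainName $DomainName |
    Select-Object IssuerUri, PassiveLogOnUri, ActiveLogOnUri, PreferredAuthenticationProtocol, SupportsMfa
```

Two practical caveats. First, federation only redirects authentication: each user still has to exist in Azure AD with a UPN in the federated domain and an ImmutableId that matches the identifier Okta sends in its token, so provisioning (or manual creation) of the users comes before the domain conversion, and a pilot user should be tested before the rest of the tenant is affected. Second, MSOnline is a legacy module; the equivalent configuration is available through Microsoft Graph PowerShell (New-MgDomainFederationConfiguration), but the parameters above map to the same federation settings either way.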