I'm very new to Okta, but I need to get a head start on a very important component of our project - federation with our partner organizations. We have a partner who is interested in federating with us, and they currently use Duo Security for authentication. I know that Okta already has some Duo integration built-in, however, it seems tailored toward integrating our own company's Duo (which we do not use).
I'm thinking we would need to create an inbound SAML IdP in Okta, and then they could configure our Okta tenant as the SP in Duo, but I'm curious if anyone has worked with this scenario before and can confirm that line of thought.
Thank you for reaching out to Okta, my name is Bogdan. The only way that I can see this type of integration working is to somehow have the DUO MFA before actually federating with Okta. The users should be prompted for DUO before they are asked to sign-in into Okta, if your customer has a way that would allow them to setup a policy that would prompt their user for DUO that would be perfect. However, I would recommend opening a ticket with Okta support for us to have a better understanding of the integration that you would like.