O365, MDM, OKTA (SSO/IDP) Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Justin Che_adminJustin Che_admin 


Hello all,

Here is ym scenario:
Hosted O365, OKTA (WFS setup), third party MDM, on prem AD

Only allow access to ActiveSync via native app in iOS and specific app on Android.
That means anything else is blocked.
Blocking/Quarantining all from O365 first then allowing it after poses risks as a user can simply comply for the initial white list of device then simply move onto native application without security.

MDM provider doesnt allow that kind of management for multi OS, O365 is limited in what they can do since they want to push INTUNE, and the only option left is to use claims rules.

Since OKTA is our iDP and we have federated with O365, we thought we could just run claim rules, but thats not possible as theres no ADFS server to run off of.

Is it possible to acheive what we are looking for with OKTA?

George HasieganGeorge Hasiegan (Okta, Inc.)
When Okta is configured for WS-Federation, Okta is strictly going to be handling authentication for Office 365.  Okta will not impact other functionality in Office 365 and you can continue performing other administrative tasks on the Office 365 side. It appears that Office 365 being federated with another identity provider would not impact the use of the MDM.
Please review the Microsoft document on support for Modern Authentication as I suspect you wouldn't experience any issue with any of the rich-clients on this (https://blogs.office.com/2015/11/19/updated-office-365-modern-authentication-public-preview/) list.You can also find check our Microsoft Office 365 Deployment Guide (https://support.okta.com/help/articles/Knowledge_Article/Office365-Deployment-Guide). 

In order to implement more granular controls for O365 I would recommend to suggest this on the Okta Community by using the 'Suggest a feature' option at the bottom of the Okta admin console. Features suggested in our community are reviewed and can be voted and commented on by other members of the community, therefore making it much easier for the engineering team to understand the priorities that you have for feature requests.