ADFS to Okta migration Skip to main content
https://support.okta.com/help/answers?id=9062a000000bmjlqay&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Nidhin C KNidhin C K 

ADFS to Okta migration

Hi Experts,

Could you please provide any article or guide that will help us to test adfs to okta SSO migration. Currently we have  O365 tenant and we are using adfs for SSO. Now we would like to test the migration from ADFS to Okta for authentication part (not provisioning) . 
Best Answer chosen by Nidhin C K
Kevin TurnerKevin Turner (Okta, Inc.)
Hi Nidhin

You can only have one federation end point for the O365 tenant, so moving it from ADFS to Okta would mean that all your users would need to be in Okta and able to authenticate through Okta. (So we would need to check this can be the case before any changes were made.)

The actual process is quite easy, you would create the Okta O365 application integration within Okta, and on the "Sign On" tab configure WS-Federation as the option. You will see the option to "View Setup Instructions".
User-added image
Directly below that you will also see two options to either configure manully via powershell or to let Okta configure it automatically. If you let Okta do it you would need to provide the details of a suitable admin account. Or if you select the manual process select the "View Setup Instructions" Here you will see two powershell commands that can be used. Use the bottom one to swicth the federation from ADFS to Okta via a powershell console connection.

PLEASE BE CAREFULL: This will affect all users. If you're wanting to test this first, it might be worth just setting up a new trial Office 365 tenant. If you're confident, then these wuld be the steps to take.

All Answers

Kevin TurnerKevin Turner (Okta, Inc.)
Hi Nidhin

You can only have one federation end point for the O365 tenant, so moving it from ADFS to Okta would mean that all your users would need to be in Okta and able to authenticate through Okta. (So we would need to check this can be the case before any changes were made.)

The actual process is quite easy, you would create the Okta O365 application integration within Okta, and on the "Sign On" tab configure WS-Federation as the option. You will see the option to "View Setup Instructions".
User-added image
Directly below that you will also see two options to either configure manully via powershell or to let Okta configure it automatically. If you let Okta do it you would need to provide the details of a suitable admin account. Or if you select the manual process select the "View Setup Instructions" Here you will see two powershell commands that can be used. Use the bottom one to swicth the federation from ADFS to Okta via a powershell console connection.

PLEASE BE CAREFULL: This will affect all users. If you're wanting to test this first, it might be worth just setting up a new trial Office 365 tenant. If you're confident, then these wuld be the steps to take.
This was selected as the best answer
Nidhin C KNidhin C K
Thanks a lot Kevin Turner. We have configured SSO in our test okta org and its working fine. But all the applications under O365 is visible to all. I guess Okta does not have an option to selectivly display the application icons based on user license. Am i right?