- WS-Federation
- Microsoft Office 365 (O365)
- Multi-Factor Authentication (MFA)

To reduce the risk of being solely dependent on Okta for authentication, one option is to defederate the domain from Okta. Defederation refers to the process of removing reliance on a third-party identity provider, such as Okta, and using an alternative authentication method. In this case, a SWA (Username and Password) authentication method could be used, which would allow Azure AD to authenticate users.
By using SWA authentication, Azure AD would be able to enforce MFA (Multi-Factor Authentication) for users, as this feature is not available in SWA authentication through Okta. This means that even if Okta is down, users would still be able to authenticate through Azure AD and access federated applications.
In this scenario, Okta would only be used for inserting the username and password in Office 365, but it would not be the sole holder of users' credentials. Azure AD would also have the users' credentials, which provides an additional layer of security and redundancy. By defederating the domain from Okta and using an SWA authentication method with Azure AD, organizations can reduce their dependency on a single identity provider and enhance the overall security and availability of their authentication process.
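
The Azure AD side of the defederation described above, as an added example that is not part of the original article: it uses the Microsoft Graph PowerShell module to confirm the domain is currently federated, show which identity provider it trusts, and then switch it to managed authentication. The function name `Convert-DomainToManaged` and the domain `example.com` are hypothetical placeholders, and the example assumes users already have usable passwords in Azure AD before the switch.

```powershell
#Requires -Modules Microsoft.Graph.Identity.DirectoryManagement

# Hypothetical helper (not an Okta or Microsoft cmdlet): converts a federated
# domain to managed authentication after showing what it currently trusts.
function Convert-DomainToManaged {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Placeholder; pass the O365 domain that is federated to Okta.
        [Parameter(Mandatory)] [string] $DomainName
    )

    $domain = Get-MgDomain -DomainId $DomainName -ErrorAction Stop

    # Nothing to do if Azure AD already authenticates this domain itself.
    if ($domain.AuthenticationType -ne 'Federated') {
        Write-Output "$DomainName is already '$($domain.AuthenticationType)'."
        return
    }

    # Show the identity provider the domain trusts today, so the operator can
    # confirm it is the expected WS-Federation endpoint before changing it.
    Get-MgDomainFederationConfiguration -DomainId $DomainName |
        Select-Object DisplayName, IssuerUri, PassiveSignInUri |
        Format-List | Out-String | Write-Output

    # Assumption: users already have passwords in Azure AD. Without them,
    # nobody in the domain can sign in once federation is removed.
    if ($PSCmdlet.ShouldProcess($DomainName, 'Set authentication to Managed')) {
        Update-MgDomain -DomainId $DomainName -AuthenticationType 'Managed'
        # Read the setting back to confirm the change took effect.
        (Get-MgDomain -DomainId $DomainName).AuthenticationType
    }
}

Connect-MgGraph -Scopes 'Domain.ReadWrite.All'
Convert-DomainToManaged -DomainName 'example.com' -WhatIf   # dry run first
```

Remove `-WhatIf` only after the dry run shows the expected issuer; MFA for the now-managed domain is then enforced in Azure AD rather than in Okta.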
