This article provides step-by-step guidance for integrating Microsoft Entra ID as an Identity Provider (IdP) for Okta, and for configuring Okta as an IdP for Microsoft Entra ID. With Entra ID as the IdP, administrators can use either Security Assertion Markup Language (SAML) 2.0 or OpenID Connect (OIDC). With Okta as the IdP, the integration goes through Okta's Microsoft 365 application and uses WS-Federation.
Applies to:
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Microsoft Entra ID (formerly Azure AD)
- Custom SAML IdP
- Microsoft 365 application in Okta
- OpenID Connect (OIDC)
How is Microsoft Entra ID integrated as an Identity Provider for Okta?
Administrators can configure Microsoft Entra ID as an external IdP for Okta using either SAML 2.0 or OIDC. Select one of the following methods to review the integration steps:
- Make Microsoft Entra ID an Identity Provider using the "SAML 2.0 IdP"
- Make Microsoft Entra ID an Identity Provider using OpenID Connect
NOTE: Just-In-Time (JIT) provisioning creates and updates Okta users from the attributes in the Entra ID assertion or ID token. If the attribute mappings between Entra ID and Okta are incorrect (for example, the claim name mapped to an Okta profile attribute does not match the claim Entra ID actually sends), JIT provisioning fails or creates incomplete profiles.
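The two checks an administrator ends up doing by hand in the SAML 2.0 IdP procedure above are (a) copying the issuer, sign-on URL and signing certificate out of the tenant's federation metadata into Okta's "Add SAML 2.0 IdP" form, and (b) confirming that the assertion Entra ID sends actually carries every claim the Okta profile mapping expects, so that JIT provisioning works. The script below automates both. It is an added example, not code from the Okta article or from Okta or Microsoft. It assumes a placeholder tenant ID, a constructed metadata document and a constructed assertion (both shaped like what Entra ID emits, trimmed to the relevant elements), and an example Okta-attribute-to-claim mapping that an administrator would define in the IdP profile; none of these values come from the page.

```python
"""Added example (not part of the Okta article): derive Okta 'SAML 2.0 IdP'
settings from Microsoft Entra ID federation metadata, and check that a SAML
assertion carries the attributes an Okta JIT profile mapping needs.

Assumptions (not stated on the page): TENANT_ID is a placeholder, the metadata
and assertion documents below are constructed, and REQUIRED_FOR_JIT is an
example mapping an administrator would configure in Okta, not Okta's defaults.
In a real tenant the metadata is downloaded from the tenant's federation
metadata endpoint (assumed path:
https://login.microsoftonline.com/<tenant-id>/federationmetadata/2007-06/federationmetadata.xml).
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Example Okta profile attribute -> Entra ID claim URI mapping (assumed).
REQUIRED_FOR_JIT = {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "firstName": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "lastName": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
}

TENANT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder tenant ID

# Constructed metadata: the elements Okta's SAML 2.0 IdP form needs.
# The certificate body is dummy bytes, not a real X.509 certificate.
METADATA_XML = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://sts.windows.net/{TENANT_ID}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{NS['ds']}"><X509Data><X509Certificate>{base64.b64encode(b'constructed-cert-bytes').decode()}</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{HTTP_REDIRECT}" Location="https://login.microsoftonline.com/{TENANT_ID}/saml2"/>
    <SingleSignOnService Binding="{HTTP_POST}" Location="https://login.microsoftonline.com/{TENANT_ID}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed assertion that deliberately lacks the surname claim.
ASSERTION_XML = f"""<Assertion xmlns="{NS['saml']}" ID="_1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <Issuer>https://sts.windows.net/{TENANT_ID}/</Issuer>
  <Subject><NameID>user@example.com</NameID></Subject>
  <AttributeStatement>
    <Attribute Name="{REQUIRED_FOR_JIT['email']}"><AttributeValue>user@example.com</AttributeValue></Attribute>
    <Attribute Name="{REQUIRED_FOR_JIT['firstName']}"><AttributeValue>Ada</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion>"""


def to_pem(b64: str) -> str:
    """Wrap a base64 DER certificate as PEM, which is what Okta's form accepts."""
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def okta_saml_idp_settings(metadata_xml: str) -> dict:
    """Return the values Okta's 'Add SAML 2.0 IdP' form asks for."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("document is not SAML 2.0 metadata")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this looks like SP metadata, not IdP metadata")
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute is valid for both signing and encryption.
        if kd.get("use") in (None, "signing"):
            for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                certs.append("".join(c.text.split()))
    if not certs:
        raise ValueError("metadata carries no signing certificate")
    return {
        "idp_issuer_uri": root.get("entityID"),
        # Prefer POST; Okta's Request Binding setting must match the binding chosen here.
        "idp_sso_url": sso.get(HTTP_POST) or sso.get(HTTP_REDIRECT),
        "request_binding": "HTTP-POST" if HTTP_POST in sso else "HTTP-Redirect",
        # Fingerprints let you confirm the cert uploaded to Okta is the one in the metadata.
        "signing_cert_sha256": [hashlib.sha256(base64.b64decode(c)).hexdigest() for c in certs],
        "signing_cert_pem": [to_pem(c) for c in certs],
    }


def missing_jit_attributes(assertion_xml: str, mapping=REQUIRED_FOR_JIT, expected_issuer=None) -> list:
    """Return the Okta attributes whose mapped claim is absent from the assertion."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if expected_issuer is not None and issuer != expected_issuer:
        raise ValueError(f"assertion issuer {issuer!r} does not match the configured IdP Issuer URI")
    present = {a.get("Name") for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return sorted(field for field, claim in mapping.items() if claim not in present)


if __name__ == "__main__":
    settings = okta_saml_idp_settings(METADATA_XML)
    for key, value in settings.items():
        print(f"{key}: {value}")
    missing = missing_jit_attributes(ASSERTION_XML, expected_issuer=settings["idp_issuer_uri"])
    print("JIT provisioning would fail; missing mapped claims for:", missing)
```

Run it against the real metadata download and a decoded assertion captured from a browser SAML tracer to get the exact values for the Okta form and an immediate answer to why a JIT-provisioned user has an empty last name. The issuer check matters because the Issuer URI Okta stores must equal the `entityID`/`Issuer` Entra ID sends (including the trailing slash), or Okta rejects the assertion.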
How is Okta configured as the Identity Provider for Microsoft Entra ID?
Configuring Okta as the IdP for Microsoft Entra ID is done by federating the domain through Okta's Microsoft Office 365 application, which uses Web Services Federation (WS-Fed). Microsoft 365 authenticates against the tenant's Entra ID directory, so federating the domain for Office 365 federates it for Entra ID as well. Review the following documentation to perform this setup:
Microsoft Entra ID does not list Okta among the external identity providers it supports natively, which is why the two directions above are configured differently. When Entra ID is integrated into Okta, Entra ID is the IdP and Okta is the Service Provider (SP); when Okta is configured for Entra ID, Okta is the IdP and Entra ID (through Microsoft 365) is the relying party. Choose the method that fits the organization's requirements and follow the corresponding steps to give users SSO between the two directories.
NOTE: Do not require Microsoft as the Identity Provider for users in a domain that is federated to Okta, where Okta is already the Identity Provider. In that configuration each side redirects authentication to the other, and federated users are trapped in an infinite authentication loop.
