This Knowledge Base article provides instructions on configuring Okta routing rules for new users when Azure Active Directory (Azure AD) is integrated as an Identity Provider. It focuses on setting the routing rule's "AND User matches" condition to "Domain list on login", which ensures successful login for new users.
- Organizations that are utilizing Okta with Azure AD
- Single Sign-On (SSO)
New users present in Azure AD were unable to log in to Okta due to incorrect configuration of routing rules.
The following video and procedure outline how to change the routing rule so that the configuration "AND User matches" is set to "Domain list on login":
- Navigate to the Admin Console and go to Security > Identity Providers.
- Click on the Routing Rules tab, then click Add Routing Rule.
- Provide a Rule Name.
- Begin configuring the routing conditions. The condition AND User matches should be set to Domain list on login. This specifies a list of domains to match, entered without the @ sign. For example, if the domain is mytest.com, just enter mytest.com.
- Under THEN Use this identity provider, select the identity provider to use when all the criteria are met. If a condition is configured in AND User matches, it is recommended to use a single identity provider.
- Click on Create Rule, then decide whether to activate the rule immediately.
