How to Use the "Use Okta MFA for Azure AD" Option
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

This article describes how to use the Use Okta MFA for Azure AD option.


Applies To
  • Office 365 WS-Fed
  • Entra ID (Azure AD)
Solution

The Office 365 Pass Claim for MFA feature comes enabled by default with the Core subscription. To take full advantage of this option: 

  1. In the Admin Console, go to Applications > Applications.
  2. Open the WS-Federated Office 365 app.
  3. Click the Sign On tab, and then click Edit.
  4. For the option Okta MFA from Azure AD, ensure that Enable for this application is checked and click Save.
  5. Run the following PowerShell command to ensure that the FederatedIdpMfaBehavior is set to enforceMfaByFederatedIdp:
    Connect-MgGraph -Scopes Directory.AccessAsUser.All
    Get-MgDomainFederationConfiguration -DomainId <yourDomainName> | Select-Object FederatedIdpMfaBehavior


When the Use Okta MFA for Azure AD option is enabled in the Office 365 WS-Fed integration, Office is satisfied by the MFA performed in Okta, and users are not required to complete MFA again when accessing Office resources.
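
The check in step 5 covers one domain at a time. The script below is an added example, not part of the original article or of Okta's tooling: it runs the same check across every federated domain in the tenant and flags any whose FederatedIdpMfaBehavior is unset or differs from enforceMfaByFederatedIdp. The `-Fix` switch, the report column names and the extra `Domain.ReadWrite.All` scope requested for updates are assumptions of this example.

```powershell
# Added example: audit FederatedIdpMfaBehavior on all federated domains.
# Requires the Microsoft.Graph.Identity.DirectoryManagement module.
param(
    # Hypothetical switch for this example: also update non-compliant domains.
    [switch]$Fix
)

$expected = 'enforceMfaByFederatedIdp'

# Same scope as the article; Domain.ReadWrite.All is added only when updating
# (assumption of this example).
$scopes = @('Directory.AccessAsUser.All')
if ($Fix) { $scopes += 'Domain.ReadWrite.All' }
Connect-MgGraph -Scopes $scopes | Out-Null

# Only federated domains carry a federation configuration.
$federated = Get-MgDomain -All | Where-Object AuthenticationType -eq 'Federated'

$report = foreach ($domain in $federated) {
    foreach ($cfg in Get-MgDomainFederationConfiguration -DomainId $domain.Id) {
        [pscustomobject]@{
            Domain                  = $domain.Id
            FederationId            = $cfg.Id
            IssuerUri               = $cfg.IssuerUri
            # An empty value means the setting was never configured.
            FederatedIdpMfaBehavior = $cfg.FederatedIdpMfaBehavior
            Compliant               = ($cfg.FederatedIdpMfaBehavior -eq $expected)
        }
    }
}

$report | Format-Table -AutoSize

$drift = @($report | Where-Object { -not $_.Compliant })
if ($drift.Count -eq 0) {
    Write-Host "All federated domains are set to $expected."
}
elseif ($Fix) {
    foreach ($row in $drift) {
        Update-MgDomainFederationConfiguration -DomainId $row.Domain `
            -InternalDomainFederationId $row.FederationId `
            -FederatedIdpMfaBehavior $expected
        Write-Host "Updated $($row.Domain) to $expected."
    }
}
else {
    Write-Warning "$($drift.Count) federated domain(s) are not set to $expected."
}
```

Run it without `-Fix` first to review the report, then re-run the check from step 5 on any domain that was updated.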