This notice refers to older "Hybrid" Azure integrations with an on-prem "MFA Server." Okta customers should see notices while authenticating that they need to register for the Microsoft MFA application and use their authentication. These notices occur even though the customer is already configured for MFA through Okta.
- Okta Classic Engine
- Okta Identity Engine
- Federated O365 integration
- Azure AD
- On-Prem Azure MFA Server
Microsoft organizations federated with Okta are not expected to be impacted by a required migration from MFA Server to Azure MFA, as the nature of this hybrid integration required Azure AD, where an Okta Org would already be and remain federated. All that is expected to change is how MFA is triggered in the Microsoft ecosystem. If a federation already exists between Microsoft and Okta, the way Okta perceives the federated domain, authentication requests, and responses will remain the same before and after the migration.
Okta strongly suggests consulting Microsoft support for advice on any potential federated service impact in migrating from this deprecated integration and ensuring all configuration migrated is done so accounting for all federated services.
Related References
- For reference to Okta's integration with Azure AD, please review the documentation on Okta MFA for Azure AD.
