Okta Classic Engine, Administration, Answered. 2018-09-05T01:29:09.000Z, 2015-10-16T15:40:19.000Z, 2016-06-02T14:19:36.000Z
What are best practices where Okta MFA SSO interfaces with Salesforce or Google IdP and AD?
A bit more background...seeking a best practices approach for iOS, Android, Win and OS X Desktops etc.

Network Topology:

Abizinabox.com

External 75.110.232.105 to .110
192.168.50/27, 192.168.51/27, 192.168.22/27
PDC DC-01 .55 Windows Server 2008R2
BDC APP-02 .57 Windows Server 2008R2
APPS 199.229.252.241 – OS X 10.10 – Open Directory Server

Okta Enterprise Multi-Factor SSO

Okta Universal Directory as ultimate IdP
Google Authenticator, SMS and Back-up Passwords
SAML Enabled Wherever available
Okta Active Directory Agent and LDAP Agents tied into office network

Google For Work

Two Factor Authentication
Google Authenticator, SMS, Application Passwords
Google MDM for iOS and Chrome
Google SAML set up as IdP with AWS IAM for control

Salesforce.com

Salesforce Set Up as IDP
SAML SSO

  • Jordan,

    A lot of customers use the AD and LDAP Agents and Okta MFA to create an "Okta Sign On Policy" that enforces the use of MFA when employees are 'Off-network', for example when they are working at home.

    This type of MFA use case can also be useful as a way of retiring a VPN solution, which you may have protecting external employee access to certain protected applications. You know you will be able to replace the VPN with Okta MFA if you have configured a SAML only partnership with the SAML capable application and Okta. In your case this can be done with Salesforce and Google in SAML mode.

    Here is where you find this: Security > Authentication > Multifactor

    Still other customers will combine access to apps in Okta with integration (in order to invoke a VPN session) to their existing VPN using the Okta RADIUS Agent.

    If you have a lot of mobile access to apps and you have an Okta mobile product, you might also be defining an 'Okta Mobile' native app policy under Security > Policies > Mobile

    Edward Holliday, Principal Technical Consultant, Okta
This question is closed.
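
A minimal model of the "MFA when off-network" sign-on rule described in the answer above, added here as an illustration; it is not Okta's code or configuration and not part of the original posts. It assumes the on-network zone is the external range given in the question (75.110.232.105 to .110); the function names, decision labels and sample events are hypothetical.

```python
import ipaddress

# Assumption: the "on-network" zone is the office's external range from the
# question (75.110.232.105 to .110), i.e. the source address a cloud service sees.
OFFICE_ZONE = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("75.110.232.105"),
    ipaddress.ip_address("75.110.232.110"),
))

def in_office_zone(source_ip):
    """Return True if source_ip lies inside the office egress range."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # unparseable input is treated as off-network
    return any(addr in net for net in OFFICE_ZONE)

def sign_on_decision(source_ip, mfa_enrolled):
    """Hypothetical decision labels modelling 'MFA when off-network'."""
    if in_office_zone(source_ip):
        return "PASSWORD_ONLY"
    # Off-network: a second factor is mandatory. What happens to users with
    # no enrolled factor is a policy choice; this model refuses the sign-on.
    return "REQUIRE_MFA" if mfa_enrolled else "DENY"

# Constructed sample sign-in events: (user, source IP, has an enrolled factor)
SAMPLE_EVENTS = [
    ("alice", "75.110.232.106", True),   # office egress
    ("bob", "203.0.113.40", True),       # home broadband (documentation range)
    ("carol", "203.0.113.41", False),    # off-network, no factor enrolled
    ("dave", "192.168.50.10", True),     # LAN address, not part of the zone
    ("erin", "75.110.232.111", True),    # one past the end of the range
]

def evaluate(events):
    """Apply the rule to each event and return (user, decision) pairs."""
    return [(user, sign_on_decision(ip, enrolled)) for user, ip, enrolled in events]

if __name__ == "__main__":
    for user, decision in evaluate(SAMPLE_EVENTS):
        print(f"{user:6} {decision}")
```

The 192.168.x.x subnets from the topology are left out of the zone on the assumption that office traffic is NATed through the external range, so a cloud identity provider only ever sees the egress addresses.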