9x7q5 (9x7q5) asked a question.
Provide Okta as an IDP on a Azure AD to access application authenticated through the AAD
Hi, We are wanting to integrate Okta as an IDP for Azure AD and would like to enable users from Okta to have federated access to applications that are managed in an Azure Active Directory. This will entail having okta added as a Identity Provider (IDP) to enable access and authenticate with our applications hosted in Azure and are managed by the AAD.I have looked at the comparability and Okta is supported to be added as an IDP in Azure (https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-federation-compatibility#okta).However, I couldn't find any documentation on how to add that as an IDP. I Have a few questions regarding this;Can we use Okta and add it as an IDP in our Azure B2B AD.?Will this be achieved by implementing SSO (Single Sign on), what is the preferred protocol to be used in this scenario for Authentication? 'SAML' or OAuth and OpenID Connect. If there is an alternative or easier way, such that, users from OKTA are able to sign in to an Identity provided by Azure AD. Is MFA supported in OKTA for the said users?It seems if we go down the SAML route, we would have to change our AD to a custom domain which we currently don't have (we are using the Microsoft default for our AD "onmicrosoft.com"). I have skimmed over these links but couldn't find any straightforward answer;
- https://support.okta.com/help/answers?id=9062A000000XaGLQA0&feedtype=SINGLE_QUESTION_DETAIL&dc=Okta_Application_Network&criteria=OPENQUESTIONS& * https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps
- https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-federation-saml-idp#azure-ad-saml-20-protocol-requirements * https://social.msdn.microsoft.com/Forums/en-US/ee6bfd3f-3c4a-4201-9800-8189e67b4dea/how-can-we-integrate-okta-as-idp-in-azure-ad?forum=WindowsAzureAD
- https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview-custom
- https://stackoverflow.com/questions/34297152/azure-ad-as-federation-provider-for-okta%E2%80%8B
Hi Jawad,
Were you able to make in progress on this effort? I'm looking to do the same and am also lost with the correct approach.
Nate, do you think this article is a reasonable approach?
https://alanschmarr.wordpress.com/2016/02/22/okta-ad-integration-with-azure-ad-domain-services/
I ask because it's rather old, and it references an okta agent, which I don't see in my okta admin portal.
Thank you,
Jeremy