<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7VTBSA3Okta Classic EngineOkta Integration NetworkAnswered2024-04-30T09:18:25.000Z2015-09-03T04:23:22.000Z2018-08-12T04:16:56.000Z

j5v7c (j5v7c) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:20 AM
Is it possible to use Okta Verify with O365/Exchange On-Line and Active Sync devices?
I have been experimenting with Okta Verify for multi-factor authentication with Office 365 (when users are off the Company network) and it works really well when using a web browser to authenticate to services such as Outlook Web Access or SharePoint On-Line.  Obviously this doesn't  work for full clients such as Outlook or iPhones synchronising e-mail via Exchange Active Sync (EAS) as they are unable to provide the Verify code.

 

For Outlook I expect that I can route the OKTA authentication requests via a registered On Network Public Gateway IP Address from our network (using a VPN and internal web proxy) I didn't have any issues with Outlook when it was On Network so believe this will work quite nicely.  From reading some OKTA documentation it appears that in EAS, the Exchange Server will proxy the authentication request to Okta so even using a VPN will not work.  I though that one possible solution would be to add the Exchange On-Line Servers as On-Network (set Public Gateway IPs) but this would require managing a large number of IP addresses, which are likely to change frequently without prior notice - so not something I really would be keen on putting into a production environment.

 

I am very interested to see if anyone else has done this successfully before or has any better solutions/ideas on a way to solve this?

 

Original Author:  David Howell
  • 2 answers
  • 3.04K views

  • j5v7c (j5v7c)

    I have OWA working perfectly with Okta MFA as does all other web based access to our Office 365 services (like SharePoint / OneDrive / Admin Portal).  The issue I have only affects non-browser clients such as the Mail Client in iOS or Windows Desktop Applications like Outlook which are not capable of showing the MFA request / challenge page.  I can route Outlook through our VPN so it appears to come from an OnNetwork address (which I have configured not to require MFA) but with Exchange Active Sync the logon request is proxied via the Exchange On-Line server and so I can't use this technique.

    Original Author: David Howell

     

     

     

    Expand Post
    Selected as Best

  • j5v7c (j5v7c)

    I have OWA working perfectly with Okta MFA as does all other web based access to our Office 365 services (like SharePoint / OneDrive / Admin Portal).  The issue I have only affects non-browser clients such as the Mail Client in iOS or Windows Desktop Applications like Outlook which are not capable of showing the MFA request / challenge page.  I can route Outlook through our VPN so it appears to come from an OnNetwork address (which I have configured not to require MFA) but with Exchange Active Sync the logon request is proxied via the Exchange On-Line server and so I can't use this technique.

    Original Author: David Howell

     

     

     

    Expand Post
    Selected as Best

  • BhaskarM.18336 (Customer)

    Hi Thomas,

     

    I look forward to see  the Integration steps for  OWA  with Okta for  MFA.

     

    Best regards,

    Bhaskar

    Expand Post
This question is closed.
Loading
Is it possible to use Okta Verify with O365/Exchange On-Line and Active Sync devices?