h20ed (h20ed) asked a question.
SharePoint Online: OKTA at Site Collection level or Tenant?
We are currently using OKTA Identity Manager and MFA for several application solutions.
We would like to move our web portal solution to SharePoint online. My parent organization has a SharePoint Online Tenant and they are willing to create a Site Collection for us. The parent company already has Microsoft MFA applied to O365 (outlook and intranet).
Are we able to disconnect Microsoft MFA and wire up OKTA for our site collection only? Or is OKTA setup at the Tenant level?
Leasing a new tenant to host 15 pages is excessive (and expensive). I'm hoping for a solution that allows us to leverage our existing OKTA Identity Manager while our parent organization continues to use their preferred MFA.
Hi Thomas, this is Bogdan from Okta support.
The only way to use Okta MFA with Sharepoint Online is possible only if the Office365 domain is federated with Okta.
The Okta MFA features are enable at a tenant level, the MFA prompt happens before the actual authentication into Sharepoint Online and for this flow to work we need to have WS-Federation enabled.
Currently Microsoft has enabled a feature that allows you to bring your own MFA provider in Office365/Azure without any federation, but this feature is not currently supported by Okta.
I recommend opening a Okta support case if you have any pending questions or concerns that we can address.
Bogdan Musat
Technical Support Engineer
Okta Global Customer Care