
test2t.42872 (Customer) asked a question.
We have Okta / O365 integrated, with Okta being the IdP. Lately, we set up hybrid Azure AD join and conditional access with sign-in frequency on O365/Azure. Once that was done, after the initial join sync and sign-in, users are no longer getting prompted for authentication by Okta. Azure (login.microsoft.com) is taking over and performing "re-authentication" without redirecting to Okta. We noticed that the account has "connected to Windows" underneath it on the Microsoft "Pick an account" form. Is it expected that the account is shown as "connected to Windows"? Has anyone encountered the same issue?
In addition, since Okta is not really able to support federation in the HAAD join process and has always relied on join sync, does it matter to configure HAAD using a managed domain for Windows with version < 1803? What would be the difference in behavior with this approach?
Appreciate it if anyone can shed some light on this.
Thanks,
Dini

Hi Dini,
This is Marius with the Okta T2 engineers. I would advise opening up a support ticket with us so we can investigate the matter at hand. There are a lot of moving parts with the Okta and hybrid Azure AD Connect integration.
Thank you,
Marius Dinu
Okta T2 Support