
s6t9w (s6t9w) asked a question.
Okta and Microsoft 365 have WS-Federation for Single Sign On. When we access the link portal.office365.com it redirects to Okta and the authentication is successful. I am now trying to set up an Intune laptop with Okta.
- Testing on Windows 10 Pro OS
- During the setup, in the place of the Microsoft account, when we enter the Email ID, it redirects to Okta and the authentication is completed.
- Then the device setup and account setup process of Intune is completed
- The laptop reboots and shows the login page as "Other user"
- It does not accept the Okta Email and password
Tried another method
- Skipped the account creation by not connecting to Wi-Fi. Created a local account and was able to access the laptop
- Tried joining the laptop to Azure Active Directory and it got connected
- When trying to switch the user to access the account, it is not accepting the username and password
In both cases, the machine is visible in the Intune portal and shows the Primary user
Q: How do I make sure that the enrolled account is appearing in the login screen and authentication is happening?
Sync password is enabled in Microsoft - Okta setup

Ciprian from Okta here,
You should have all the answers for your questions in this documentation that explains the whole process.
Have you looked at the following article?
https://www.okta.com/sites/default/files/Okta_Windows_10_azure_AD_join.pdf
First thing is to get your O365 application in OKTA, make sure it's federated and controls provisioning. Assign the application to a user, with the InTune licence assigned (I've been using the Microsoft E3 Licence which includes InTune). Once this is assigned, the user is then able to be assigned a device in InTune for auto-enrolment.
During the Windows 10 setup, enter the user's work email. You will then be directed to OKTA for authentication and then the InTune enrolment will begin.
Ref link: https://support.okta.com/help/s/question/0D51Y00008MxGWvSAN/how-do-we-automatically-enroll-a-laptop-in-intune-given-that-we-use-okta
Thank you, Ciprian. I have followed the docs and the enrolment was successful. We are unable to switch account to Okta.
In the login screen, we only see "Other User"; it doesn't accept the Okta username and password.
I created an account in the Azure portal directly and tested the authentication. It is working fine.
Please let me know how I can validate that the Okta password is synced with Microsoft O365. I believe it is a password sync issue.
Hi Arjun
Did you find a solution to this?
Yes Ben. We need to enable password sync and Exchange ActiveSync on any mobile platform, any desktop platform in Sign on policy.
Let me know if you need any assistance
Hi Arjun,
Thanks to your post, I was able to resolve this issue.
Do you know how the password changing behavior works with this setup?
What happens when I change my password on my laptop?
What happens when I change my Okta password? (Does it make it to the laptop? How long?)
Thank you
Still running some test scenarios.
But since it's using an MS account password, and I can't change my password in Office365 due to WS-Fed to Okta, the only place I can change my password is in Okta anyway. =)
It uses the cached password until you're online and log in to your laptop.
Hi Arjun
Yep we eventually figured out that Exchange ActiveSync/Legacy Auth needed to be ticked.
Thanks for confirming 🙂
Hey @s6t9w (s6t9w)
Can you please help me out as well? I have the same exact issue that you are facing. The Okta - Office365 works with no issue. The sign on policy is in place in Okta. I am able to enrol the laptop with Okta credentials when I am first setting up the laptop. Then when I log out and try to log back in, it doesn't accept the Okta credentials; I am able to log in only with PIN.
Any suggestion from your side?