00ufqy4mxkCMrc2vn0h1.5318579510676252E12 (Optiv) asked a question.
Azure AD as IdP and use Okta MFA for O365 apps?
We have Radiant Logic creating users in Azure AD and in Okta, and we are using Azure AD as an external Identity Provider to Okta - works great. Now we want to protect our O365 apps (mail and the like) with Okta MFA, however using WS-Fed just puts us in a loop as our users authenticate to Azure AD. (AAD sends to Okta, Okta routing rules send back to AAD). Has anyone else been able to use Okta MFA with AAD as an external IdP for O365 access?
This is Mihai from Okta support.
You can check the documentation bellow to see if it helps:
https://help.okta.com/en/prod/Content/Topics/Apps/Office365/Use_Okta_MFA_Azure_AD_MFA.htm
If this doesn't answers your question, please open a support case with us.
Thanks, I appreciate that. The claims pass feature is designed to pass the Okta MFA claim to Azure under the assumption that you authenticated at Okta. In the use case above, authentication is directed to AzureAD as an external IdP, and doesn't fit the use case.