
3mgaq (3mgaq) asked a question.
Our company has M365 and Okta as ID provider. Read through the Okta-for-Hybrid-AAD-Join.pdf document.
A section of this Microsoft article https://docs.microsoft.com/bs-latn-ba/azure/active-directory/devices/hybrid-azuread-join-manual has this note:
"If you don’t have AD FS as your on-premises federation service, follow the instructions from your vendor to make sure they support WS-Trust 1.3 or 2005 endpoints and that these are published through the Metadata Exchange file (MEX)."
Does Okta support WS-Trust 1.3 or 2005 endpoints?
Another note from the article:
"If you don’t use AD FS for your on-premises federation server, follow your vendor's instructions to create the appropriate configuration to issue these claims."
http://schemas.microsoft.com/ws/2012/01/accounttype
http://schemas.microsoft.com/identity/claims/onpremobjectguid
http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid
http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID
How are these claim endpoints configured in Okta?
I do not see these addressed in the Okta document on Hybrid Join AAD. Are there other related references for Okta and Azure AD hybrid Join?
Thanks in advance.

Hi Emy,
To answer your first question, Okta does support the WS-Trust protocol and you can use the WS-Fed template for creating such applications (https://help.okta.com/en/prod/Content/Topics/Apps/Apps_Configure_Okta%20Template_WS_Federation.htm).
As for the claims, we do not have official, specific documentation for claims for the Okta for Hybrid AAD Join integration, but if you want to know more about Okta claims, please visit this article: https://developer.okta.com/docs/guides/customize-authz-server/create-claims/.
Thank you,
Pomirleanu Andreea
Thank you, @andreea.pomirleanu1.5000675367180908E12 (Okta, Inc.). I will review those references.
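An added example, not part of the original thread and not Okta or Microsoft code: one way to check which WS-Trust versions a federation service actually publishes in its MEX document, as the Microsoft note quoted in the question requires. It assumes the version can be read from the soapAction of each binding's Issue operation and does not evaluate the binding policies; the MEX sample and the idp.example.test URLs are constructed.

```python
import xml.etree.ElementTree as ET  # for MEX fetched from an untrusted source, prefer defusedxml

NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "soap12": "http://schemas.xmlsoap.org/wsdl/soap12/"}
# WS-Trust Issue actions for the two versions the Microsoft note names.
ISSUE_ACTIONS = {
    "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue": "WS-Trust 1.3",
    "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue": "WS-Trust 2005",
}
# Constructed MEX (WSDL) for a hypothetical IdP; the 2005 port is plain HTTP on purpose.
SAMPLE_MEX = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
  xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="urn:example">
 <wsdl:binding name="T13"><wsdl:operation name="Issue">
  <soap12:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"/>
 </wsdl:operation></wsdl:binding>
 <wsdl:binding name="T2005"><wsdl:operation name="Issue">
  <soap12:operation soapAction="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue"/>
 </wsdl:operation></wsdl:binding>
 <wsdl:service name="STS">
  <wsdl:port name="P13" binding="tns:T13">
   <soap12:address location="https://idp.example.test/ws-trust/13"/></wsdl:port>
  <wsdl:port name="P2005" binding="tns:T2005">
   <soap12:address location="http://idp.example.test/ws-trust/2005"/></wsdl:port>
 </wsdl:service></wsdl:definitions>"""

def wstrust_endpoints(mex_xml):
    """Map each published WS-Trust version to its HTTPS endpoint URLs."""
    root = ET.fromstring(mex_xml)
    binding_version = {}
    for binding in root.findall("wsdl:binding", NS):
        for op in binding.findall("wsdl:operation/soap12:operation", NS):
            version = ISSUE_ACTIONS.get(op.get("soapAction"))
            if version:
                binding_version[binding.get("name")] = version
    found = {}
    for port in root.findall("wsdl:service/wsdl:port", NS):
        name = port.get("binding", "").split(":")[-1]  # strip the QName prefix
        addr = port.find("soap12:address", NS)
        url = addr.get("location", "") if addr is not None else ""
        # Ignore ports bound to other protocols and endpoints not served over TLS.
        if name in binding_version and url.startswith("https://"):
            found.setdefault(binding_version[name], []).append(url)
    return found

if __name__ == "__main__":
    for version, urls in wstrust_endpoints(SAMPLE_MEX).items():
        print(version, urls)
```

An empty result means the MEX document advertises neither WS-Trust 1.3 nor 2005 over HTTPS.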