SyedA.98225 (Customer) asked a question.
Enabling WS-Federation Caution
Hi,
Does enabling Okta's ws-federation affect only Okta's 0356 federation or others as well? Meaning if Okta ws-federation is enabled, will it break multiple forests federating to o356 from AD? The warning only applies to other o365 federations with Okta correct?
Trying to avoid break AD / O365 federation, but trying Okta / O365 federation via the O365 built in Okta app.
Otherwise, another easy to use MFA for O365 via Okta, if users are already in Okta via SAML?
Thank you in advance.
It connects the domain suffix so if email is blah@walmart.com
all walmart. Com users get sent. MS uses upn(not email tho they say email) (they expect upn n email to match)
so you can fed 1 or all upn suffixes.
we use 4 apps as we are gcc but i liked the sep apps as more easy for deskside with the 5 domains we have.
My name is Michael Hidalgo with Okta support and I will gladly assist you with this case.
The only domain that will be affected will be the one that you federate from Okta to O365.
Regarding your MFA question, you can use an application sign-on policy to be applied when users access O365
https://help.okta.com/en/prod/Content/Topics/Security/policies/configure-app-signon-policies.htm