
AparnaR.41261 (Customer) asked a question.
Hello team,
I have followed this KB article https://help.okta.com/en/prod/Content/Topics/Provisioning/azure/azure-integrate-main.htm to create an integration between Okta and Azure AD as IdP. I had to change the IdP Username on the IdP settings to idpuser.subjectNameId because it wasn't accepting idpuser.email. It was giving an "Authenticate user via IDP ; failure: Unable to transform email to username" error. However, I still cannot log in to the Okta application via AAD due to the below error.
Authenticate user via IDP
failure: Unknown Profile Attribute
Authenticate user via IDP
failure: Skipping assertion attributes because of schema mismatch
Any help is much appreciated.

Hello @AparnaR.41261 (Customer) ,
Thanks for posting.
When you map attributes in Okta for Azure AD (as per https://help.okta.com/en/prod/Content/Topics/Provisioning/azure/azure-map-attributes.htm 13), make sure to check that the External URL name does not have “.” at the end, because if you directly copy and paste it, it will also include the “.” in the URL and it will give an error.
Here are a couple of documents with information about the reason why this happens and the resolution:
Inbound SAML JIT fails
https://support.okta.com/help/s/article/Inbound-SAML-JIT-fails?language=en_US
Skipping assertion attributes because of schema mismatch
https://support.okta.com/help/s/article/Skipping-assertion-attributes-because-of-schema-mismatch?language=en_US
Let us know if this helps you.
Daniela Chavarria.
Okta Inc.

Hello Daniela,
I have looked up the above posts in your comment. None of those helped. I verified that all the settings are configured correctly. When I try to access the Okta app from Azure AD, I see the below logs on Okta; I am not sure which attribute is mapping the target.id. From my experience this is something Okta would generate.
Regards,
Aparna