
GaryS.15796 (Customer) asked a question.
Hi All,
We are facing an issue where users are not able to sign in to Azure AD Join devices. We have enabled Web Sign-in and after Okta MFA, it comes up with an error - "Please connect to Internet". We have been trying to find a solution for a while now and Okta Support wants us to log in to get logs. We can do Hybrid Join devices but we want to test AAD Join. Checking the AAD logs, it says to enable "Access Pass" for Web Sign-in. We were able to log in a couple of times when a new device was provisioned, but when the user logs out or restarts, same issue (sign-in possible only once).
Has anyone faced a similar issue when doing AAD Join devices?

Hello @GaryS.15796 (Customer), thank you for reaching out to our community.
Have you tried to configure Temporary Access in Azure AD? This can be done following this documentation:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-temporary-access-pass
Please make sure that you also have enabled "Allow administrator to consent for Advanced API access" from the Sign On tab, this can be checked here:
https://help.okta.com/en/prod/Content/Topics/Apps/Apps_O365_Admin_Consent.htm
Also, you might want to check the System log to see if the sign in is Denied and adjust the Office application Sign On Policy.
https://help.okta.com/en/prod/Content/Topics/Apps/Office365/References/o365-sign-on-rule-options.htm

Hi @Paul S. (Okta, Inc.), thank you for your response.
We don't want to configure Temporary Pass access as we just want it to work like normal AAD Join devices. I have not found a single Okta guide which actually will provide end-to-end details, and it is frustrating.
"Allow administrator to consent for Advanced API access" is already enabled.
Sign-in is successful as per Okta but it comes up with No Internet after MFA on Windows Log in.
Thank you