
BlakeK.35944 (Customer) asked a question.
My nonprofit organization just got 7 Windows laptops. I have connected them to Azure Active Directory, we currently do not have an onsite server, and I have installed the Microsoft Office 365 application in Okta, but the computers are not allowing me to use Okta credentials even though everything appears to be set up correctly. What am I missing or what do I need to do? I should note that the Okta domain for usernames is different from the Microsoft Office 365 domain name.

Hi @BlakeK.35944 (Customer), thank you for reaching out to the Okta Community!
If you've federated the O365 domain with Okta and confirmed that when you go to the Office page with a web browser it redirects you to Okta for authentication, the same thing should apply here.
A few basic principles need to be clarified though.
1. The Okta username is not necessarily the same as the O365 username (aka user email attribute).
2. When you log into the machine, the username used should be the O365 one with a federated domain.
3. The machine has to be connected to the internet always.
For example:
User: John Smith
Okta Username: john.smith@oktaDomain.com
Email/O365 username: john.smith@emailDomain.com
John Smith goes to log into the machine.
He must provide the Microsoft/Azure/O365 username (email).
Microsoft/Azure/O365 determines that emailDomain.com is federated with Okta so it sends John to Okta for authentication.
When presented with the Okta org login screen, John must provide his Okta username and password.
Once Okta has confirmed the credentials, John is redirected to the Microsoft/Azure/O365 resource where he's granted access.
That being said, this is just a high-level overview that does not cover any of the other myriads of details that go into the implementation.
Hope it helps!

Okay, thank you for replying. I have done exactly this, but when I go to log in to the device it is not redirecting me to Okta to log in. Is there any guide to help me with this?

I'm afraid that there is no out-of-the-box option for what you are trying to achieve. This is not currently supported as a product feature and we don't have a step-by-step guide.
The closest I could find are the O365 ones:
https://help.okta.com/en/prod/Content/Topics/Apps/Office365-Deployment/deploy-main.htm
https://help.okta.com/en/prod/Content/Topics/Apps/Office365/advanced.htm
There is an Okta Credential Provider for Windows but this is currently only for servers:
https://help.okta.com/en/prod/Content/Topics/Security/proc-mfa-win-creds-rdp.htm
https://help.okta.com/en/prod/Content/Topics/Security/proc-mfa-win-creds-rdp-install.htm

According to your website there is a way to make this happen. How could we make this happen?

That feature does not apply here.
To clarify, Okta Desktop Single Sign-On refers to the feature that allows automatic authentication (through Kerberos tickets) in your Okta site from a domain-joined machine while using the company network.
It comes in two "flavors":
• "regular" DSSO (involves server and agent maintenance): https://help.okta.com/en/prod/Content/Topics/Directory/ad-dsso-enable.htm
• Agentless DSSO: https://help.okta.com/en/prod/Content/Topics/Directory/Configuring_Agentless_SSO.htm
More info can also be found here: https://help.okta.com/en/prod/Content/Topics/Directory/dsso-faq.htm

Would there be a better solution to make this happen? For instance, let's say that the same domain is being used.