<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00007mnyNfCAIOkta Classic EngineIntegrationsAnswered2024-01-16T17:17:55.000Z2022-07-01T13:27:06.000Z2022-07-01T23:39:17.000Z

User16497777742143012533 (Customer) asked a question.

July 1, 2022 at 1:27 PM
Does Okta O365 integration use OIDC/OAuth

Hello,

 

We have set up an O365 integration for using the PowerBI application within Okta. It all works well. When we click on the PowerBI application icon it allows us to do SSO. We also have a custom app integration which will launch our custom web application when logged into Okta. Now the requirement is that once we are inside our custom we app from there we need to launch the PowerBI service (app.powerbi.com) and that should be a single sign on. The SSO also works when we use the embed link generated by Okta for PowerBI.

 

The issue here is that from okta we get an embed link like the following

https://<okta-domain>/home/office365/<id>

 

We do not want to use the above link to be embedded within our custom app because the above link would always take users to the home page. What we want is that when users click on a specific report in our custom app we would want to SSO into app.powerbi.com and take them directly to the report link.

 

When I inspected the network calls from the browser when I copy pasted the okta embed link for PowerBI it looks like okta uses an OAuth integration with PowerBi because I saw that internally the embed link is redirected to

 

https://login.microsoftonline.com/common/oauth2/authorize?client_id=<client_id>&domain_hint=<domain>&redirect_uri=https://app.powerbi.com/?noSignUpCheck=1&response_type=id_token+code&response_mode=form_post&scope=openid+profile&post_logout_redirect_uri=https://app.powerbi.com/?noSignUpCheck=1&nonce=1625ec43-7827-48eb-af64-7454373456e7

 

When I use the above link that also does an SSO to PowerBI and I was just thinking I could change the redirect_uri with the exact report path in PowerBI and that would solve my problem. Please let me know if my thinking is right.

 

Thanks

Ranjith

  • 1 answer
  • 807 views

  • Mihai N. (Okta, Inc.)

    Hi @User16497777742143012533 (Customer)​ , Thank you for reaching out to the Okta Community!

     

    To answer your question, in this case the Okta integration does not use OIDC/OAuth.

    The Office 365 integration with Okta can use one of two possible SSO methods(currently); 

    The example you provided, which does indeed seem to contain OIDC/OAuth, is all within the Microsoft realm. 

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope it helps! 

    Expand Post
This question is closed.
Loading
Does Okta O365 integration use OIDC/OAuth