
User16895844056208209862 (Customer) asked a question.
Hello,
I have the following issue: the Microsoft ecosystem (Exchange Online, SharePoint Online, Teams, Windows 365, etc.) has a strong identity integration with Azure AD (Entra ID). Okta is my main IdP and I have a federation set up for MYDOMAIN.COM.
Whenever I connect to Windows 365 (for example), the Azure AD authentication pops up, I enter john.doe@MYDOMAIN.COM and I'm redirected to Okta for authentication. AFAIK it's not possible to configure Windows 365 to use Okta in the first place; the Azure AD step happens in any case. That could be fine, but I would like to set up Conditional Access in Okta to define who can access which (Microsoft) application. I couldn't find how to do this; it seems Conditional Access on Okta will apply to *all* applications linked to Azure AD. I need more granularity on Okta to get the application accessed "before" Azure AD.
Is there a trick I missed to achieve this?
Thanks,

Hi @User16895844056208209862 (Customer) , Thank you for reaching out to the Okta Community!
WS-Fed setup happens at the domain level for the Microsoft 365 (Office) app. In this case the app is in fact a suite of apps.
The app level sign-on policies would apply to the entire suite, as you mentioned.
Currently there is no feature to set up granular access to specific apps from the Okta side.
You can suggest a Feature Enhancement on the Okta Community page by going to the Community → Ideas tab. Features suggested in our community are reviewed and can be voted and commented on by other members. High popularity will increase the likelihood of it being picked up by the Product Team and implemented.
More details here.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!