m857e (m857e) asked a question.
Hey there,
My name is Alexandra, I'm a support person at META-INF, we have a customer who's trying to use our app with Okta but has trouble with it.
Our Jira application accesses/sends/receives emails via IMAP/POP/Oauth/Graph API connections and can safely do so in 99% of the cases.
There is this one case though, where the customer uses okta (first time for us) with a Microsoft Graph API connection and they can't authenticate, the error in the log reads:
Authentication result= USER_ALREADY_LOGGED_IN
We had a screen sharing session with them, every setting in Azure (permissions) and every setting in our application looks good, but it seems as if Microsoft would consider Okta an MFA and therefore fail the authentication.
Does anybody here have any idea if this is true, it's known that okta is considered MFA in this case and therefore will not work, or if there is an okta setting the customer should be aware of in order to make it work?
Thanks
Hello @m857e (m857e) Thank you for reacting out to our Community!
Okta can be setup to be an MFA provider with Azure, but in this case it might be something in the Okta policy's that might block the users to sign in.
I would recommend to also review the Okta System log to see what could cause this disconnect.
Also have your customer review the Org Authentication policy's and application sign on policy's as well.
Please also see below a few doc on these matters:
https://developer.okta.com/docs/reference/api/system-log/
https://help.okta.com/oie/en-us/content/topics/identity-engine/policies/about-app-sign-on-policies.htm
Community members help others by clicking Like or Select as Best on responses. Try it today.
Ask Away: OIG Product Experts Answer Your Questions Thru Thur., Dec 14
Earn Today: New Okta Community Badges Have Arrived