Questions About Adding Okta IDP as App Registration to Azure

Loading

Skip to Navigation Skip to Main Content

Search

Search

Select Language

0D54z00009xie3BCAQOkta Classic EngineSingle Sign-OnAnswered2025-02-16T09:01:04.000Z2024-01-15T18:48:13.000Z2024-01-16T20:38:31.000Z

8jzx9 (8jzx9) asked a question.

January 15, 2024 at 6:48 PM

Questions About Adding Okta IDP as App Registration to Azure

I am very interested in the automation found in Okta for onboarding and offboarding employees. As I understand it, in order to do that, I need to add Okta as an IdP using Azure App Registration. A co-worker of mine has made the statement that this will override Azure as our existing IdP. My understanding is that it will allow Okta to see our Active Directory and perform onboarding and offboarding in the various systems that we use. As I understand it, our Azure will continue to be an IdP. For example, our AD Sync will continue to function without issue, correct? Our Microsoft 365 will continue to function being synced to Azure, etc., correct? As I understand it, an organization can have multiple IdPs, correct?

Single Sign-On

Top Rated Answers

User16594883467582706479 (Customer Support Online Experience)
Edited January 16, 2024 at 8:38 PM
Hi, @8jzx9 (8jzx9)

Thank you for posting on our Community page!

This is a very broad question and a complex implementation depending on the requirements that can’t be covered via a Community post but a high level explanation would be as follows:

It all depends on how you want the information to flow.

If you want to handle license/role/user lifecycle from the Okta side and have Okta handle authentication, you could piggyback on the Office 365 implementation that has WS-FED SSO and Provisioning:
https://help.okta.com/en-us/content/topics/apps/office365/o365-main.htm

*certain provisioning types are not compatible with Directory Synchronization, Azure Active Directory (AAD) Sync, or Azure Active Directory Connect.
https://help.okta.com/en-us/content/topics/apps/office365/references/provisioning-types.htm

There are also some integration options for Azure AD via Okta Workflows:
https://help.okta.com/wf/en-us/content/topics/workflows/connector-reference/azuread/azuread.htm

If you want information to flow from Azure AD to Okta, then you could look into the following:
https://support.okta.com/help/s/article/how-to-sync-azure-ad-with-okta?language=en_US

For more in depth suggestions based on your needs, I would suggest contacting our Sales department.

Ask the Experts: Now Thru 1/31 Okta FastPass Engineering and Product Teams Answer Your Questions

Community members help others by clicking Like or Select as Best on responses. Try it today.
_________________________________________________________________________
Expand Post
Selected as Best

All Answers

User16594883467582706479 (Customer Support Online Experience)
2 years ago
Hi, @8jzx9 (8jzx9)

Thank you for posting on our Community page!

Typically, Okta acts as an identity provider (IdP) and delivers authenticated user profile data to downstream applications. Often overlooked is that you can configure Okta to act as a service provider for external IdPs to manage access to downstream applications, including those that are externally authenticated. For externally authenticated users assigned access to Okta-managed resources, Okta delivers user profile data to downstream applications as SAML assertions or OIDC tokens.

You can find all the information required for the integration here:
https://help.okta.com/en-us/content/topics/provisioning/azure/azure-integrate-main.htm

Ask the Experts: Now Thru 1/31 Okta FastPass Engineering and Product Teams Answer Your Questions

Community members help others by clicking Like or Select as Best on responses. Try it today.
_____________________________________________________________________________
Expand Post
8jzx9 (8jzx9)
2 years ago
Hi Laura, I wonder if you could assist me in obtaining answers to these questions. If you need to escalate these questions to other parties that would be greatly appreciated.

I am very interested in the automation found in Okta for onboarding and offboarding employees. As I understand it, in order to do that, I need to add Okta as an IdP using Azure App Registration. A co-worker of mine has made the statement that this will override Azure as our existing IdP. My understanding is that it will allow Okta to see our Active Directory and perform onboarding and offboarding in the various systems that we use. As I understand it, our Azure will continue to be an IdP. For example, our AD Sync will continue to function without issue, correct? Our Microsoft 365 will continue to function being synced to Azure, etc., correct? As I understand it, an organization can have multiple IdPs, correct?

Expand Post
- User16594883467582706479 (Customer Support Online Experience)
  Edited January 16, 2024 at 8:38 PM
  Hi, @8jzx9 (8jzx9)
  
  Thank you for posting on our Community page!
  
  This is a very broad question and a complex implementation depending on the requirements that can’t be covered via a Community post but a high level explanation would be as follows:
  
  It all depends on how you want the information to flow.
  
  If you want to handle license/role/user lifecycle from the Okta side and have Okta handle authentication, you could piggyback on the Office 365 implementation that has WS-FED SSO and Provisioning:
  https://help.okta.com/en-us/content/topics/apps/office365/o365-main.htm
  
  *certain provisioning types are not compatible with Directory Synchronization, Azure Active Directory (AAD) Sync, or Azure Active Directory Connect.
  https://help.okta.com/en-us/content/topics/apps/office365/references/provisioning-types.htm
  
  There are also some integration options for Azure AD via Okta Workflows:
  https://help.okta.com/wf/en-us/content/topics/workflows/connector-reference/azuread/azuread.htm
  
  If you want information to flow from Azure AD to Okta, then you could look into the following:
  https://support.okta.com/help/s/article/how-to-sync-azure-ad-with-okta?language=en_US
  
  For more in depth suggestions based on your needs, I would suggest contacting our Sales department.
  
  Ask the Experts: Now Thru 1/31 Okta FastPass Engineering and Product Teams Answer Your Questions
  
  Community members help others by clicking Like or Select as Best on responses. Try it today.
  _________________________________________________________________________
  Expand Post
  Selected as Best

This question is closed.

Recommended content

Forum

Adding an App that uses Azure SSO different that our Azure domain

Forum

Adding Okta as a IDP to Azure B2C

Forum

SAML App to federate Okta as an external IDP to Azure AD

Forum

SSO using Azure as the IDP to Okta as the SP redirecting to Confluence Web App

Loading

Questions About Adding Okta IDP as App Registration to Azure