MichaelN.53038 (Endicott College) asked a question.
Using Okta only for MFA with O365
Before Okta our O365 had a conditional access policy I created that would send users in specific security groups to Duo for MFA only. When I went over a list of needs for Okta, I asked about these kinds of mfa only deployments and was told Okta could handle that no problem. All the documentation I can find on this says that we have to fully federate Okta and 0365 to get this working. We're not in a position to fully federate our O365 currently. All I want is to be able to send a portion of our users to Okta for MFA, but the documentation for this doesn't seem to exist. It seems to me that what was a pretty basic 5 minute set-up in DUO should be possible in Okta for a direct swap out.
Hi! From what I understand, O365 is not "partially" federated with Okta, but rather the domain itself is federated. Meaning when you enter "username@company.com", the @company.com will direct you to the correct Okta tenant. If there is a subset of users that can be selected for this behavior, it may be best directed to Okta in the form of a ticket as the O365 integration ca be quite complex depending on your needs. When you say send to Okta for MFA, are you referring to Okta Verify? Thanks!