Okta Classic Engine | Authentication | Answered | 2025-03-16T09:00:22.000Z | 2024-02-13T15:42:09.000Z | 2024-02-19T16:48:02.000Z

kgm0j (kgm0j) asked a question.

Need Assistance Joining Windows 11 Machine to Microsoft Entra Using Okta

Hi everyone,

 

I'm having trouble with joining a Windows 11 Pro device to Microsoft Entra ID using Okta as the authenticator. I have been working with Microsoft support, but they have not been able to solve the issue and advised me to reach out to Okta for help.

 

Here's some background information about the setup: 

 

  • Our organization uses Okta as the universal directory and provisions users to M365 using user profile sync.
  • We use M365 apps, and Microsoft Intune as our chosen MDM.
  • To enrol our Windows 11 devices in MDM, we require our users to join their devices to Entra using their Microsoft Entra username and password, which is effectively their Okta username and password (access work or school - add a work or school account - join the device to Microsoft Entra ID). When doing this, a Microsoft authentication window appears, the user enters their email address, and then the authentication is passed through to Okta. Okta tries to authenticate, but Microsoft says it's unable to sign in and gives the error code 50196.

 

The reason we have chosen to add the device to Microsoft Entra is because by doing so it creates a managed user profile on the device.

 

Has anyone else experienced this issue? If so, any advice on how to resolve it would be greatly appreciated!

 



  • Paul S. (Okta, Inc.)

    Hello @kgm0j (kgm0j), thank you for reaching out to our Community!

     

    The error seems to happen on the Microsoft side. Have you also consulted the Okta system log? Is there any information there?

    Also, is there a chance to perform a trace on the login to understand what is happening?

    Could there be any policy on the Azure side that could block the sign-in?

    Please also see this article that might provide some assistance:

    https://learn.microsoft.com/en-us/answers/questions/1284588/how-do-i-fix-error-code-50196-when-trying-to-login

     

    • kgm0j (kgm0j)

      Hi Paul,

      Thank you for getting back to me. I would've answered via the community forum, but I keep getting a SAML error when I try to log in.

      I think this could be an issue on Microsoft's side, but Microsoft is pushing me Okta's way. The Okta system logs for Microsoft suggest that everything is fine. I've just tried to add my laptop to Entra ID again and checked the Okta logs, and have the following:

      Evaluation of sign-policy = ALLOW -> User single sign-on to app SUCCESS; interestingly, there are no sign-in logs for my user in Microsoft Entra. I've ensured no sign-on policies within Entra are required. I've also compared the sign-on configuration for M365 within Okta with another instance I use where it works. I'm very puzzled!

      Kind regards,

      *Laurene Hamilton (she/her)* | +44 20 4536 7854
      Co-founder & Head of Technology Operations




      *I’m sending this message now because it suits my schedule. I don’t expect you to read, act or respond outside your regular working hours.*

      *Schedule a 30-minute meeting with me* <https://calendar.app.google/dDDADE9aXnybqV78A>
      • kgm0j (kgm0j)

        Hey Paul, Happy Friday!

        Thanks for getting back to me. I agree; it's probably the best next step. What is the best way to do that? I've been unable to log into the support portal to raise a help request. I could only submit a question to the community.

        If you could let me know, that would be great!

        Kind regards,

        *Laurene Hamilton (she/her)* | +44 20 4536 7854
        Co-founder & Head of Technology Operations




      • kgm0j (kgm0j)

        Hi Paul,

        I just heard back from Microsoft support, and they have said the following:




        *We discussed this scenario with our internal team, and they informed us
        that Okta is not able to pass device-level claims to be able to complete
        device registration successfully. We request you kindly inform the Okta
        team of this and have them check on device-level settings and claims
        configuration.*

        Kind regards,

        *Laurene Hamilton (she/her)* | +44 20 4536 7854
        Co-founder & Head of Technology Operations




This question is closed.