<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z0000A8xhrnCQAOkta Classic EngineSingle Sign-OnAnswered2024-05-31T17:15:54.000Z2024-05-20T14:17:30.000Z2024-05-31T17:15:54.000Z

00urncm0fGsdNobYk356m1.56139295220643E12 (Customer) asked a question.

May 20, 2024 at 2:17 PM
Help setting up and troubleshoot AzureAD as Identity provider in Okta

Hello,

I am trying to test "Make Azure Active Directory an Identity Provider" following the instructions from the

link: https://help.okta.com/oie/en-us/content/topics/provisioning/azure/azure-identify-identity-provider.htm.

After, going through all the configuration, the test page in Azure displays the message below. I need some help troubleshooting this. Any suggestions/tips are welcome.

/help/servlet/rtaImage?refid=0EM4z000007Id0E

Few things to note: AzureAD now called Microsoft Entra Id, the Okta instructions called for Azure AD Premium, however, I am trying with standard/free tier.

 

 

  • 1 answer
  • 343 views

  • Mihai Negoita - Okta (Okta, Inc.)

    Hi @00urncm0fGsdNobYk356m1.56139295220643E12 (Customer)​ , Thank you for reaching out to the Okta Community! 

     

    Based on the screenshot you provide the implementation seems to be failing on the MSFT side before it reaches Okta. 

    You can look into perhaps leveraging something like SAML Tracer to validate that your login request contains the proper information.

    Also, seeing as this seems to be at the SAML test phase, make sure that the user account leveraged exists on the Okta side and has the proper attributes like username/firsName/lastName/email depending on what is used to match the user ID on.  

    You can also check the Okta System Logs to see if there's anything of use there, but I don't think it reached that far to have anything registered on the Okta side.

     

     

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    --

    Join the discussion for the Ask Me Anything online event on May 23, 2024 with Okta Tactical Edge Product Experts

    Expand Post
    Selected as Best

  • Mihai Negoita - Okta (Okta, Inc.)

    Hi @00urncm0fGsdNobYk356m1.56139295220643E12 (Customer)​ , Thank you for reaching out to the Okta Community! 

     

    Based on the screenshot you provide the implementation seems to be failing on the MSFT side before it reaches Okta. 

    You can look into perhaps leveraging something like SAML Tracer to validate that your login request contains the proper information.

    Also, seeing as this seems to be at the SAML test phase, make sure that the user account leveraged exists on the Okta side and has the proper attributes like username/firsName/lastName/email depending on what is used to match the user ID on.  

    You can also check the Okta System Logs to see if there's anything of use there, but I don't think it reached that far to have anything registered on the Okta side.

     

     

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    --

    Join the discussion for the Ask Me Anything online event on May 23, 2024 with Okta Tactical Edge Product Experts

    Expand Post
    Selected as Best
This question is closed.
Loading
Help setting up and troubleshoot AzureAD as Identity provider in Okta