We're running into a jam with a company we do business with, but are not connected to with our Okta environment, which is federated with a microsoft tenant with a few domains. Everyone in our org has a microsoft account connected to one of our domains, and I'll call that Domain A. We also have microsoft accounts set up with the company we do business with on their tenant and domain, which I'll call Domain B. Domain B is only accessible from inside their citrix environment.

When we try to share a link from Domain B's onedrive to our Domain A account, we get the email just fine about the sharing in the Domain A account's inbox. Clicking the link will from that inbox creates a verification back to Domain A's Okta to verify who we are to Domain B. Domain A's Okta verifies who we are, but has no way to send us back to Domain B's tenant to finish the share, so it continually loops.

This happens on more than just Onedrive. We will also receive secure emails from Domain B, specifically for a person in Domain A. They can never get to it, because when they attempt to verify it gets stuck in that loop, and never sends us back to Domain B.

If we receive any of Domain B's share invites or secure emails to a separate domain, on a Microsoft tenant not federated with our Okta or connected to Okta at all, it works fine. I can't share from Domain A user's onedrive to Domain B, because their firewall restricts our netorg's sharepoint domain.

Wondering if anyone has seen this behavior or knows of a fix for our Okta config. Thank you.