Using Okta to Authenticate users into an Azure WebApp / Enterprise Application SSO.

l770k (l770k) asked a question.

June 3, 2024 at 7:40 AM

We have an ASP.NET web-based Enterprise Application deployed in Microsoft Azure. Currently the application uses SQL stored user accounts and Simple Membership to handle the user authentication.

We are trying to migrate the application to use SSO with Okta as an IdP, and have followed the documentation here: https://help.okta.com/en-us/content/topics/provisioning/azure/azure-create-enterprise-app.htm and what we are experiencing is:

When the user navigates to the web app, the authentication process initiates, which forwards the browser to the Okta login, and logs the user in.
Once logged into Okta, the app is displayed in the Applications section, and when the app icon is clicked or the application is launched, the user is forwarded back to a Microsoft error page stating "Invalid Empty Request".

I've spent the past 3 days working with Microsoft's support technicians who have been trying to figure out why that's happening, and their end result was that they believe the error is coming from the Okta side, because everything they see on their end says authentication is successful. I've been able to verify this by using the built in SSO testing tool in the Enterprise Application.

Thank you in advance for any and all suggestions.

Single Sign-On

Paul S. (Okta, Inc.)
2 years ago
Hello @l770k (l770k) Thank you for posting on our Community page!

The documentation linked is to use Azure AD as an IDP in Okta, which this would not provide a tile to the end-user's dashboard and maybe this is why the app is not working as intended. If you want to use Okta as the IDP the best way to do so is to create a Microsoft Office 365 app and federate that with Okta. This way your users will have access to the MS365 application tile and they can SSO into Azure without a problem, please see our deployment guide below:
https://help.okta.com/en-us/content/topics/apps/office365-deployment/configure-sso.htm

NOTE: for this you do not need to enable Provisioning if this is not needed.

Thank you for reaching out to our Community and have a great day!
--
Join the Ask Me Anything online event on June 13, 2024 to discuss the new Govern Okta Admin Roles feature with our Experts
Expand Post
Selected as Best

Paul S. (Okta, Inc.)
2 years ago
Hello @l770k (l770k) Thank you for posting on our Community page!

The documentation linked is to use Azure AD as an IDP in Okta, which this would not provide a tile to the end-user's dashboard and maybe this is why the app is not working as intended. If you want to use Okta as the IDP the best way to do so is to create a Microsoft Office 365 app and federate that with Okta. This way your users will have access to the MS365 application tile and they can SSO into Azure without a problem, please see our deployment guide below:
https://help.okta.com/en-us/content/topics/apps/office365-deployment/configure-sso.htm

NOTE: for this you do not need to enable Provisioning if this is not needed.

Thank you for reaching out to our Community and have a great day!
--
Join the Ask Me Anything online event on June 13, 2024 to discuss the new Govern Okta Admin Roles feature with our Experts
Expand Post
Selected as Best
l770k (l770k)
2 years ago
Thank you for the response, I will give this a try and see if it works for our use case.
Expand Post

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies