
3xs8g (3xs8g) asked a question.
I am attempting to integrate Entra ID with Okta where Entra would be the primary IDP. I am currently using free trial licenses for both Entra and Okta. I have gone through the setup documentation more times than I can count. I have set up the identity provider for Entra using the SAML 2.0 IDP with JIT to the best of my knowledge.
- newly created users in Entra are not being created in Okta
- where users match, Okta is not using Entra creds for authentication.
- profile mapping does not seem to map first and last name
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
My goal is for this to work similarly to Okta integrated with Active Directory with delegated authentication. Any advice is welcome.
Thank you

Hello @3xs8g (3xs8g) Thank you for posting on our Community page!
If the user is unable to log in and JIT fails, it would indicate that the IDP setup in Okta might be set up wrong. To locate the problem, I would recommend reviewing the System Log to see where the failure happens. Okta's System Log errors are usually very accurate, and you will be able to pinpoint the issue in the configuration.
Also make sure that you follow this configuration doc for the implementation:
https://help.okta.com/en-us/content/topics/provisioning/azure/azure-integrate-main.htm
Note: you should be able to skip this step: "Map Azure Active Directory attributes to Okta attributes"
Thank you for reaching out to our Community and have a great day!
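An added example, not part of the original thread or of Okta's documentation: alongside the System Log, it helps to confirm what Entra actually puts in the assertion before looking at the Okta profile mapping. The sketch below decodes a captured `SAMLResponse` form value and reports the NameID and whether the two claim URIs from the question are present. It assumes the HTTP-POST binding (plain base64, unencrypted assertion); the function name and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Claim URIs from the question; the profile mapping needs both to be sent.
EXPECTED = [CLAIMS + "givenname", CLAIMS + "surname"]

def inspect_saml_response(b64_response):
    """Decode a captured SAMLResponse value and report what the IdP sent.

    Diagnostic only: no signature or Conditions check is done, so never
    use this output to make an authentication decision.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    # A claim counts as missing if it is absent or has only empty values.
    missing = [c for c in EXPECTED if not any(attrs.get(c, []))]
    return {"name_id": None if name_id is None else name_id.text,
            "name_id_format": None if name_id is None else name_id.get("Format"),
            "attributes": attrs, "missing": missing}

# Constructed sample (not a real capture): surname is absent on purpose.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alex@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <saml:AttributeValue>Alex</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    report = inspect_saml_response(SAMPLE_B64)
    print("NameID:", report["name_id"], report["name_id_format"])
    for name, values in report["attributes"].items():
        print(" ", name, "=", values)
    print("Missing or empty:", report["missing"])
```

If a claim shows up under "Missing or empty", the gap is on the Entra side (claims configuration of the enterprise application); if both claims are present, the Okta IdP profile mapping is the place to look.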