ly1u7 (ly1u7) asked a question.
How does Custom IDP service know which user its validating when used as a MFA factor?
I'm trying to understand the design of Okta Custom IDP factor for MFA factor configuration. When the custom IDP is chosen as a second factor to verify the user login, what information does Okta pass to the service that helps it determine which user it is validating?
For example, in Microsoft, it sends and id_token_hint which can be used to get the username that we are verifying MFA for. How does this work in Okta?
Hello @ly1u7 (ly1u7) , thank you for contacting Okta Community.
I think what you're looking for are routing rules for IdPs. If you want to know more about the custom IdP factor, you can review the article we have published on this:
Custom IdP factor - this one also touches on Azure, specifically: Make Azure Active Directory an Identity Provider.
There are also a few other articles that you may find interesting:
Identity Providers - this is the main article with links to more resources
Configure the IdP authenticator - this one includes explanations, steps, and expected end-user experience
Identity Provider routing rules - what they are and how they work
Configure identity provider routing rules - how to use routing rules
Configure dynamic routing rules - these rules are more versatile and use Expression Language to match users to any IdP
Modify routing rules
Regards.
--
Ask Us Anything about Okta FastPass - now thru December 11th