Okta Classic Engine | Single Sign-On | Answered | 2025-01-31T22:59:36.000Z | 2025-01-20T13:14:51.000Z | 2025-01-31T22:59:36.000Z

RajaR.78546 (Customer) asked a question.

Azure AD Single Sign-On Integration for Okta Portal Users

Hey All,

I am looking to integrate Azure Active Directory (Azure AD) Single Sign-On (SSO) for users of the Okta portal.

So here are my questions:

As I am an Okta admin, what are all the steps I should follow to complete this setup?

  1. If Azure AD will act as an external IDP (SAML 2.0) for Okta, how will the Okta users sync to Azure AD to perform SSO?
  2. How can I sync my Okta users group with Azure AD?
  3. I am looking to set up only the SSO function for Okta using Azure AD; as of now the users are in Universal Directory only.
  4. What can I do with navigating to the Applications section in Okta and creating an Azure AD application using SAML?

Please help me to clarify the difference between creating an application in Okta for Azure AD user connection and adding Azure AD internal IDP in Okta.


  • Mihai N. (Okta, Inc.)

    Hi @RajaR.78546 (Customer), thank you for reaching out to the Okta Community!

     

    If you want to leverage Okta as the IDP for the Azure side, you will need to leverage the Microsoft 365 integration, which leverages WS-FED for SSO.

    The M365 implementation also supports Provisioning functions.

     

    If you want to implement Azure as the IDP for Okta, then you need to review these guides

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Selected as Best
  • RajaR.78546 (Customer)

    Hi @Mihai N. (Okta, Inc.)

    Thanks for your response

     

    I have a couple of questions regarding our Okta and Azure AD SSO integration.

    1. User Management and Group Sync:

    To effectively manage users and sync groups between Okta and Azure AD, should I create a SAML application in Okta for user provisioning and group synchronization? Or is there a different approach we should follow for this integration, apart from simply adding Azure AD as an external Identity Provider (IdP) for Single Sign-On (SSO)?

    2. External IdP Configuration:

    For the SSO setup, once we configure Azure AD as an external IdP in Okta, will that be sufficient for user authentication, or is there any additional configuration needed for managing user profiles and group memberships between both systems?

     

    • Mihai N. (Okta, Inc.)

      Data sync is one-directional. 

      You either decide to use Okta as the identity provider for Azure AD (users sign into Azure with their Okta credentials) and implement SSO via WS-Fed with the Microsoft 365 app which federates the Azure AD domain and leverage the Provisioning features to manage user lifecycle, attributes, roles, licenses and groups towards Azure AD...

       

      OR

       

      You implement Azure AD as the IDP for Okta to leverage SSO through SAML to Okta (users sign into Okta with their Azure AD credentials), which only syncs a limited number of attributes to Okta and allows user authentication.

       

      Regards.

      --

      Help others in the community by liking or hitting Select as Best if this response helped you.

This question is closed.