Okta Classic Engine | Multi-Factor Authentication | Answered | 2025-05-08T16:56:25.000Z | 2025-05-07T19:20:28.000Z | 2025-05-08T16:53:27.000Z

JacobD.07175 (Customer) asked a question.

Share AMR claim Entra / Azure IDP in order to satisfy Okta admin MFA requirement

We use Azure as an IDP to Okta for logging into the Okta admin dashboard and supporting external users that use Okta for our org's apps. Okta is saying by May 15 that they will require MFA for any log in to their admin dashboard. We need to avoid duplicative MFA for users already going through MFA on Azure. Okta says this can be accomplished with claims sharing:

 

https://developer.okta.com/docs/guides/configure-claims-sharing/oktaoidc/main/

 

Specifically, Okta is looking for an AMR claim--but I think only on the ID token. Microsoft has the AMR claim on the access token. It is not available to select as an id token claim, and it is not listed as something that can be added via the manifest like other claims listed here:

 

https://learn.microsoft.com/en-us/entra/identity-platform/optional-claims-reference#v10-and-v20-optional-claims-set
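
One way to confirm where `amr` actually lands is to decode the ID token and access token from a test sign-in and compare them. This is an added example, not part of the original post and not Okta or Microsoft code; the sample tokens are constructed, and treating `mfa` (RFC 8176) as the multi-factor indicator is an assumption, not a statement of which values Okta accepts.

```python
import base64
import json

# Assumption: "mfa" (RFC 8176) is the value that signals multi-factor sign-in.
MULTI_FACTOR_VALUES = {"mfa"}

def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_claims(token: str) -> dict:
    """Return a JWT's payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def amr_values(token: str) -> list:
    """amr is an array of strings (OIDC Core); tolerate a bare string, absent -> []."""
    amr = jwt_claims(token).get("amr") or []
    return [amr] if isinstance(amr, str) else list(amr)

def amr_report(id_token: str, access_token: str) -> dict:
    """Compare the amr claim carried by the two tokens of one sign-in."""
    id_amr, at_amr = amr_values(id_token), amr_values(access_token)
    id_mfa = bool(MULTI_FACTOR_VALUES & set(id_amr))
    at_mfa = bool(MULTI_FACTOR_VALUES & set(at_amr))
    return {
        "id_token_amr": id_amr,
        "access_token_amr": at_amr,
        "mfa_visible_in_id_token": id_mfa,
        # The situation described in the question: MFA happened upstream,
        # but a consumer reading only the ID token cannot see it.
        "mfa_only_in_access_token": at_mfa and not id_mfa,
    }

def _constructed_jwt(claims: dict) -> str:
    # Builds an unsigned sample token for the demo; not a real Entra token.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

# Constructed samples mirroring the question: amr on the access token only.
SAMPLE_ID_TOKEN = _constructed_jwt({"iss": "https://idp.example/", "sub": "user-1"})
SAMPLE_ACCESS_TOKEN = _constructed_jwt({"iss": "https://idp.example/", "sub": "user-1", "amr": ["pwd", "mfa"]})

if __name__ == "__main__":
    print(json.dumps(amr_report(SAMPLE_ID_TOKEN, SAMPLE_ACCESS_TOKEN), indent=2))
```

Decoding without signature verification is only suitable for inspecting tokens you obtained from your own test sign-in; it is not a validation step.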


  • User17157611498146715886 (Customer Support Online Community and Social Care)

    Hello @JacobD.07175 (Customer), thank you for contacting Okta Community!

     

    I've reviewed our documentation for something relevant. It looks like your question is more appropriate for our dedicated Okta Developer Forum. I advise reaching out via devforum.okta.com as they will have more insight into this topic. 

    In the meantime, you can reference these articles from Okta Developer: 

    Configure claims sharing

    Customize tokens returned from Okta with custom claims

     

    If you have a paid account, it could be worth opening a Support ticket (Customer Support Account ID number required) so one of our engineers can analyze your org's configuration and provide in-depth troubleshooting. You could also provide more details in a ticket that shouldn’t be given here, as this is a public space.

    Please note that opening a support ticket is a feature available only to paid accounts. If you do not have a paid account, but are interested in upgrading, you can contact our Sales team.

     

    While we'll do our best to answer your questions here, this medium is more inclined towards Okta's core products and features (non-developer work).

     

    Regards. 

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

This question is closed.