Okta Classic Engine | Devices and Mobility | Answered | 2026-03-31T17:42:35.000Z | 2026-03-22T17:18:39.000Z | 2026-03-31T17:42:35.000Z

EvrixC.38453 (Customer) asked a question.

Okta Device Access with Intune: Impact on Azure/Entra ID SSO, Okta Device Access

Hi everyone,

We are currently using Microsoft Entra ID as our primary identity provider for Azure and M365 services, as well as for MDM (Microsoft Intune). All users and credentials are created and managed directly in Entra ID.

We are now exploring a transition where Okta will be used as the primary login experience, including for user authentication on corporate laptops.

We would like to better understand:

  • What architectural options exist for integrating Okta with Entra ID in this scenario
  • What are the recommended approaches for device login (Windows) using Okta (Okta Device Access or Okta IDP + Windows Hello for Business, etc., or another)
  • I’m considering a setup where Okta handles login via Okta Device Access and Intune manages device policies, but I’m concerned that proper SSO might break or not work consistently.
  • What are the best practices in this case for device login

Thank you in advance!

 


  • Hi @EvrixC.38453 (Customer), thank you for reaching out to the Okta Community!

     

    This should be achievable, but it's a heavy lift and the design and implementation would be the purview of Okta Professional Services.

    That being said, I'll try to provide a high-level description of things to consider. 

     

    If Okta is supposed to be the primary login experience for everything, you will need to federate the M365/Entra ID domain with Okta, which in turn will come with other deployment considerations down the line, like things discussed in this article.

    Depending on what apps you have tied into the Entra ID implementation, you might have to hand over password management for them to Okta as well, and if MFA is in the mix as well, you will need to look into passing the MFA claim to Entra for a more seamless end-user experience.

    Once Okta is the IDP, you should be able to deploy Okta Device Access which has its list of requirements.

     

    I don't think this can be done without any downtime, and you will require back-up accounts for AD, Okta and (non-federated domain) Global Admin for the Entra side to ensure you will always have access to the environments to implement and troubleshoot. 

     

    If you already have an account with us, I strongly recommend reaching out to your Okta Account Executive to discuss your plans so they can engage dedicated resources for deployment and support that can go over the implementation with you in detail. 

    Otherwise, please contact our Okta Sales Team.   

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    Selected as Best
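
The answer above calls for a Global Admin on a non-federated domain and mentions passing the MFA claim to Entra. The following read-only pre-flight check for both points is an added example, not part of the original post or Okta's guidance. It assumes the Microsoft Graph PowerShell module is installed and the operator can consent to the read scopes shown.

```powershell
# Added example: read-only pre-flight check before federating an Entra ID domain.
# Assumes the Microsoft.Graph PowerShell module; makes no changes to the tenant.
Connect-MgGraph -Scopes 'Domain.Read.All','RoleManagement.Read.Directory','User.Read.All'

# Map each verified domain name to its authentication type (Managed or Federated).
$domainAuth = @{}
Get-MgDomain -All | Where-Object IsVerified | ForEach-Object {
    $domainAuth[$_.Id.ToLower()] = $_.AuthenticationType
}

# Well-known role template ID of the built-in Global Administrator role.
$gaTemplateId = '62e90394-69f5-4237-9190-012177145e10'
$gaRole = Get-MgDirectoryRole -Filter "roleTemplateId eq '$gaTemplateId'"

# Classify every user holding the role by the domain part of their UPN.
$admins = Get-MgDirectoryRoleMember -DirectoryRoleId $gaRole.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' } |
    ForEach-Object {
        $upn    = [string]$_.AdditionalProperties['userPrincipalName']
        $domain = ($upn -split '@')[-1].ToLower()
        [pscustomobject]@{
            UserPrincipalName  = $upn
            Domain             = $domain
            AuthenticationType = $domainAuth[$domain]
        }
    }
$admins | Sort-Object AuthenticationType | Format-Table -AutoSize

# Federating every admin domain leaves no sign-in path if the IdP is unreachable.
$breakGlass = @($admins | Where-Object AuthenticationType -eq 'Managed')
if ($breakGlass.Count -eq 0) {
    Write-Warning 'No Global Administrator signs in on a managed (non-federated) domain.'
}

# For domains that are already federated, show how Entra treats MFA done at the IdP.
$domainAuth.GetEnumerator() | Where-Object Value -eq 'Federated' | ForEach-Object {
    $name = $_.Key
    Get-MgDomainFederationConfiguration -DomainId $name |
        Select-Object @{ n = 'Domain'; e = { $name } }, IssuerUri, FederatedIdpMfaBehavior
}
```

The role-member query returns active assignments only, so Global Administrators who are merely eligible through Privileged Identity Management do not appear and should be reviewed separately.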
