Okta Classic Engine | Multi-Factor Authentication | Answered | 2026-04-06T15:02:21.000Z | 2026-04-05T19:44:27.000Z | 2026-04-06T15:02:21.000Z

IsaacB.81593 (Customer) asked a question.

Getting a valid AMR with Entra as external IDP

Hi:

I am trying to set up an org with Entra as an external IDP. I'm successful at getting the IDP to work and to do JIT provisioning of users. I want to pull an authentication method reference (AMR) from Entra, indicating to Okta, and apps downstream, what, if any, MFA the user did in Entra.

I followed the setup described here - https://www.youtube.com/watch?v=lnOVsY3T6bE - but did not see the AMR in the debug data in the log. A key part of the video has you setting up custom app user attributes in the SAML IDP profile.

I read somewhere that Entra does not pass the AMR correctly to Okta in SAML.

So, I'd like to try OIDC. Setting up the IDP-SP seems straightforward and I got that working. But the part I'm unclear about is if I need to add any custom attributes to the app user profile for OIDC. Do I add the exact user profile attributes in OIDC as I do for SAML? Is this documented anywhere?

Thanks,

 

