Install the Okta ADFS Plugin on your ADFS Server

After downloading the installer, complete the following steps to install the ADFS plugin on your ADFS server.

  1. Navigate to the directory where the agent installer was downloaded.
  2. Unzip the archive, and run setup.exe as administrator.
  3. Click Next to start the installation.
  4. Log back into your Okta org, and navigate to the Microsoft ADFS (MFA) application created in Install and configure Microsoft ADFS in Okta.
  5. The Okta ADFS Adapter installer prompts you for values for ClientId, ClientSecret, and Okta URL.
    For example:
    • ClientId: 90aSt67bHgyW9bv
    • ClientSecret: 80hglw7bw46hNoTpbnAyqzihouyzia
    • OktaURL: https://atkodemoorg.oktapreview.com

  6. Optionally, register the adapter by checking the Register Okta ADFS adapter check box.

    If you are installing in a Federation Server Farm, do not check Register Okta ADFS Adapter.
    Refer to the manual registration procedure detailed in the Farm Installation Addendum.

  7. Specify the drive and folder where you want to install the Okta MFA Adapter.
    Default: c:\Program Files\Okta MFA Provider\

  8. When the installation completes, click Close.
  9. If you are installing in a Federation Server Farm, do not check Register Okta ADFS Adapter. Refer to the manual registration procedure detailed in the Farm Installation Addendum.
  10. ADFS 2019 only
    If you are installing on ADFS 2019, run the following in a PowerShell window.
    1. Open PowerShell as administrator.
    2. Modify the script for your Okta domain and execute:

      # Change <customer_subdomain> to your Okta org's subdomain.
      $oktaUrl = "https://<customer_subdomain>.okta.com"
      $oktaCdnUrl = "https://*.oktacdn.com"

      # Read the Content-Security-Policy header currently configured in ADFS, if any.
      $CSP = ((Get-AdfsResponseHeaders | Select-Object -ExpandProperty ResponseHeaders).'Content-Security-Policy')
      if (-not ([string]::IsNullOrEmpty($CSP)))
      {
          $CSP += "; "
      }
      # Append directives that allow content, frames and images from the Okta org and the Okta CDN.
      $CSP += 'default-src ' + $oktaUrl + ' ' + $oktaCdnUrl + '; frame-src ' + $oktaUrl + ' ' + $oktaCdnUrl + '; img-src ' + $oktaUrl + ' ' + $oktaCdnUrl
      Set-AdfsResponseHeaders -SetHeaderName Content-Security-Policy -SetHeaderValue $CSP
      # Enable CORS and trust the Okta org as an origin.
      Set-AdfsResponseHeaders -EnableCORS $true
      Set-AdfsResponseHeaders -CORSTrustedOrigins $oktaUrl
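
    An added example, not part of Okta's script: browsers honor only the first occurrence of a directive within one policy, so when the existing header already contains default-src or img-src, a second copy appended to the end has no effect. The hypothetical helper Merge-CspSources below merges the Okta origins into the directives already present; the sample policy is constructed for illustration.

```powershell
# Added example (hypothetical helper, not from Okta): merge extra sources into
# an existing Content-Security-Policy value by directive name, without duplicates.
function Merge-CspSources {
    param(
        [string]$Policy,         # current CSP value (may be empty)
        [string[]]$Directives,   # directive names to extend or create
        [string[]]$Sources       # origins to allow in each of those directives
    )

    $order = New-Object System.Collections.Generic.List[string]
    $map = @{}

    # Parse "name src1 src2; name2 src3" into an ordered name -> source-list map.
    foreach ($part in ($Policy -split ';')) {
        $tokens = @($part.Trim() -split '\s+' | Where-Object { $_ })
        if ($tokens.Count -eq 0) { continue }
        $name = $tokens[0].ToLowerInvariant()
        if ($map.ContainsKey($name)) { continue }   # keep the first occurrence, as browsers do
        $order.Add($name)
        $map[$name] = New-Object System.Collections.Generic.List[string]
        foreach ($t in ($tokens | Select-Object -Skip 1)) { $map[$name].Add($t) }
    }

    # Add each source to each requested directive, creating the directive if absent.
    foreach ($d in $Directives) {
        $name = $d.ToLowerInvariant()
        if (-not $map.ContainsKey($name)) {
            $order.Add($name)
            $map[$name] = New-Object System.Collections.Generic.List[string]
        }
        foreach ($s in $Sources) {
            if (-not $map[$name].Contains($s)) { $map[$name].Add($s) }
        }
    }

    # Serialize in the original directive order.
    ($order | ForEach-Object { (@($_) + @($map[$_])) -join ' ' }) -join '; '
}

# Constructed sample policy, standing in for the value read from Get-AdfsResponseHeaders.
$current = "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;"
$oktaUrl = "https://<customer_subdomain>.okta.com"
$merged  = Merge-CspSources -Policy $current -Directives 'default-src','frame-src','img-src' -Sources $oktaUrl,'https://*.oktacdn.com'
$merged   # review the merged policy before applying it
# Set-AdfsResponseHeaders -SetHeaderName Content-Security-Policy -SetHeaderValue $merged
```

    After applying a policy, Get-AdfsResponseHeaders shows the stored value, which can be compared against the merged string.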