Okta MFA provider for Active Directory Federation Services

Install the Okta Multifactor Authentication (MFA) provider for Active Directory Federation Services (ADFS) v. 3.0 and v 4.0.

This feature allows customers to use ADFS as their Identity Provider (IdP) for apps and Okta for MFA for strong authentication for your apps.

The Sign-In Widget (third generation) doesn't support multifactor authentication for third-party agents.

Before you begin

Requirements for installing the Okta MFA provider for ADFS:

  • Proxy Configuration: The Okta MFA provider for ADFS doesn't support a discrete proxy configuration but does follow system-level proxy configurations.
  • The Windows machine used for installation must have an active internet connection with port 443 open.
  • The installing account must have administrative rights to install the Okta MFA provider for ADFS, Visual C++ redistributable and .NET 4.0+.

Supported operating systems

The Okta MFA provider for ADFS agent can be installed on the following server versions:

  • Windows Server 2019 (v1.3.0 and later)
  • Windows Server 2016

Typical workflow

Task

Description
Download the agent
  1. In the Admin Console, go to SettingsDownloads.
  2. Download the Okta MFA provider for ADFS agent from the MFA Plugins and Agents section.
  3. Copy the downloadable file to the machine that you want to install the agent on.

See Okta ADFS Plugin version history.
Install and configure Microsoft ADFS in Okta Enable and configure these items:
  • Required MFA factors and a target group
  • The ADFS app
  • Cross-Origin Resource Sharing
Install the Okta ADFS Plugin on your ADFS Server Install and configure the ADFS Plugin on the ADFS server.

See Configure MFA for Active Directory Federation Services (ADFS) for more information on ADFS configuration settings.

Enable the Okta MFA Provider in ADFS Enable Okta as an MFA provider for ADFS.
Add Access Control Policy to a Relying Party Application Add the Access Control Policy to a Relying Party App.
Assign the Microsoft ADFS (MFA) application Assign the Okta app to users or groups.
Verify the Okta MFA prompt when signing in to ADFS Verify that the app behaves as expected.
Troubleshooting Troubleshoot the Okta MFA provider for ADFS agent installation.

Post installation and configuration tasks

Task

Description
Enable Open ID Connect with existing ADFS installations Enable Open ID Connect (OIDC) with existing ADFS installations.
Enable MFA as a service for existing installations configured for OIDC Enable MFA as a service with existing ADFS installations.