Migrate Conditional Access policies from Microsoft Entra ID to Okta
Each app in Microsoft Entra ID has its own Conditional Access policies. These policies can't be shared across apps.
Using Okta Workflows, migrate and review Conditional Access policies from Microsoft Entra ID. Then you can create the equivalent authentication policies in Okta.
Before you begin
- Complete the steps in Prepare for the migration.
- Ensure that each of the Microsoft Entra ID flows are toggled on in Okta Workflows.
- Sign in to the Microsoft Entra admin center and review your configured Conditional Access policies. The policies are in .
Run the migration flow
-
In the Workflows Console, open the folder that contains the Microsoft Entra ID export flows.
-
Select the 2.0 Get Entra ID Conditional Access Policies - Parent Flow.
-
Click Run.
-
Enter the token endpoint, client ID, and client secret that you created in Prepare for the migration.
Validate the export
-
After the flow is complete, validate that the export was successful.
-
In the Workflows Console, open the folder that contains the Microsoft Entra ID export flows.
-
Select from the export file folder to view the imported data.
The table displays the following information:
-
Policy Name: The name of the policy.
-
Policy State: Shows a state of enabled, disabled, or report only.
-
Conditions: Conditions that are defined in the policy including risk levels, platforms, and devices.
-
grantControls: Allows you to deny or block access.
-
sessionControls: Session details, including the sign-in frequency and app-enforced restrictions.
-
