Use Okta MFA to satisfy Azure AD MFA requirements for Office 365

This is an Early Access feature. To enable it, please contact Okta Support.

You can use Okta multi-factor authentication (MFA) to satisfy Azure AD MFA requirements for your WS-Federation Office 365 (O365) app instance. For example, suppose that your WS-Federation O365 apps are configured with Azure AD Conditional Access policies in O365 (including MFA) to manage access to those apps, but you want Okta to handle the MFA requirement. As long as you have also configured an Okta org-level MFA sign on policy, an Okta app-level sign on policy for the O365 instance, or both, Okta prompts your end users for MFA when they access the apps.

You can also use Okta MFA to enroll end users into Windows Hello for Business for Azure AD MFA, as detailed below.


Known Issue – Make sure to configure either an app-level or org-level MFA policy in Okta before using this feature. Otherwise, when trying to access an O365 instance that has been configured in Azure AD Conditional Access to require MFA, end users can get stuck in an infinite authentication loop. This is most likely to occur if neither your Okta org nor your O365 app instance is configured to prompt for Okta MFA. Because Azure expects Okta to supply the app's MFA requirement, the Okta loading animation spins indefinitely and the end user does not access the app.






