About Azure Active Directory SAML integration

Typically, Okta acts as an identity provider (IdP) and delivers authenticated user profile data to downstream applications. Often overlooked is that you can configure Okta to act as a service provider for external IdPs to manage access to downstream applications, including those that are externally authenticated. For externally authenticated users assigned access to Okta-managed resources, Okta delivers user profile data to downstream applications as SAML assertions or OIDC tokens.

Using Okta to delegate authentication to shared resources is a common use case for integrating Okta with an external IdP. For example, a company using Okta to manage access to applications has a partner who needs access to an application to collaborate on a project. To reduce administrative effort and avoid creating additional passwords, the partner prefers to authenticate with its existing Azure Active Directory instance. Okta can use inbound federation to delegate authentication to Azure Active Directory because Azure Active Directory supports the SAML 2.0 protocol.