Install the Okta ADFS Plugin on your ADFS Server

After downloading the installer, complete the following steps.

  1. Navigate to the directory where the agent installer was downloaded.
  2. Unzip the archive, and run setup.exe as administrator.
  3. Click Next to start the installation.
  4. Log back into your Okta org, then navigate to the Microsoft ADFS (MFA) application created in Install and configure Microsoft ADFS in Okta.
  5. The Okta ADFS Adapter install will prompt you for values for ClientId, ClientSecret, and Okta URL.
    For example: 
    • ClientId: 90aSt67bHgyW9bv
    • ClientSecret: 80hglw7bw46hNoTpbnAyqzihouyzia
    • OktaURL: https://atkodemoorg.oktapreview.com

  6. (Optional) Register the adapter by selecting Register Okta ADFS Adapter.

    If you are installing in a Federation Server Farm, do not check Register Okta ADFS Adapter.
    Refer to the manual registration procedure detailed in the Farm Installation Addendum.

  7. Specify the drive and folder where you want to install the Okta MFA Adapter.

  8. When the install completes, click Close.
  9. If you are installing in a Federation Server Farm, do not check Register Okta ADFS Adapter. Refer to the manual registration procedure detailed in the Farm Installation Addendum.
  10. ADFS 2019 only
    If you are installing in ADFS 2019, perform the following in a PowerShell window.
    1. Open a PowerShell window as administrator.
    2. Execute the following commands:
      $oktaCustomerName = "your customer name"
      $oktaUrl = "https://$oktaCustomerName.okta.com"
      $oktaCdnUrl = "https://*.oktacdn.com"

    3. If no custom Content Security Policy (CSP) exists, execute:
      # Read the current CSP header and allow framing of the Okta org and the Okta CDN
      $CSP = ((Get-AdfsResponseHeaders | Select -ExpandProperty ResponseHeaders).'Content-Security-Policy')
      $CSP = $CSP + '; frame-src ' + $oktaUrl + ' ' + $oktaCdnUrl
      Set-AdfsResponseHeaders -SetHeaderName Content-Security-Policy -SetHeaderValue $CSP
      # CORS: $oktaUrl already includes the https:// scheme
      Set-AdfsResponseHeaders -EnableCORS $true
      Set-AdfsResponseHeaders -CORSTrustedOrigins $oktaUrl


    4. If a custom Content Security Policy exists, execute:
      $CSP = ((Get-AdfsResponseHeaders | Select -ExpandProperty ResponseHeaders).'Content-Security-Policy')
      if (-not ([string]::IsNullOrEmpty($CSP)))
      {
         $CSP += "; "
      }
      $CSP += "frame-src $oktaCdnUrl $oktaUrl"
      Set-AdfsResponseHeaders -SetHeaderName Content-Security-Policy -SetHeaderValue $CSP
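
The commands in steps 3 and 4 append a new frame-src directive to whatever policy is already set. If the existing policy already contains frame-src, browsers use the first occurrence and ignore the appended one, so the Okta frame stays blocked. The following is an added example, not part of the Okta procedure or the adapter's own code: Merge-CspFrameSrc is a hypothetical helper name, https://example.okta.com is a placeholder org URL, and the sample policies are constructed.

```powershell
# Added example, not Okta's code. Merge-CspFrameSrc is a hypothetical helper name.
function Merge-CspFrameSrc {
    param(
        [string]$Csp = '',
        [Parameter(Mandatory)][string[]]$Sources
    )
    # Split into directives; drop empty segments such as the one after a trailing ';'.
    $directives = @(($Csp -split ';') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $out   = [System.Collections.Generic.List[string]]::new()
    $found = $false
    foreach ($d in $directives) {
        $tokens = @($d -split '\s+')
        if (-not $found -and $tokens[0] -eq 'frame-src') {
            # Extend the first frame-src in place, skipping sources already listed.
            $found = $true
            foreach ($s in $Sources) {
                if ($tokens -notcontains $s) { $tokens += $s }
            }
            $out.Add(($tokens -join ' '))
        } else {
            $out.Add($d)
        }
    }
    # No frame-src yet: add one at the end, as steps 3 and 4 do.
    if (-not $found) { $out.Add('frame-src ' + ($Sources -join ' ')) }
    return ($out -join '; ')
}

$oktaUrl    = 'https://example.okta.com'   # placeholder org URL (assumption)
$oktaCdnUrl = 'https://*.oktacdn.com'

# Constructed sample policies: empty, no frame-src, and an existing frame-src.
$samples = @(
    '',
    "default-src 'self'; img-src 'self' data:;",
    "default-src 'self'; frame-src https://intranet.example.com"
)
foreach ($csp in $samples) {
    Merge-CspFrameSrc -Csp $csp -Sources $oktaUrl, $oktaCdnUrl
}

# On the ADFS server, the merged value replaces the string concatenation:
# $current = (Get-AdfsResponseHeaders | Select -ExpandProperty ResponseHeaders).'Content-Security-Policy'
# $merged  = Merge-CspFrameSrc -Csp $current -Sources $oktaUrl, $oktaCdnUrl
# Set-AdfsResponseHeaders -SetHeaderName Content-Security-Policy -SetHeaderValue $merged
```

Running the helper a second time on its own output leaves the policy unchanged, so the step is safe to repeat after a failed or partial install.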