Install and configure Microsoft ADFS in Okta

Before installing the Okta Multifactor Authentication (MFA) provider for Active Directory Federation Services (ADFS), you must:

  • Select authentication factors
  • Define the groups that will be authenticated by the Microsoft ADFS (MFA) application
  • Add the Microsoft ADFS (MFA) application
  • Enable Cross-Origin Resource Sharing
  1. Select authentication factors:
    1. In the Admin Console, go to Security > Multifactor.
    2. Select the Factor Types tab.
    3. Activate factors by selecting a factor and clicking Inactive > Activate.

      Note

      See also MFA.
  2. Define the groups that will be authenticated by the Microsoft ADFS (MFA) application:

    1. Sign in to your Okta tenant as an administrator.
    2. In the Admin Console, go to Directory > Groups.
    3. Click Add Group.
    4. Complete the fields in the Add group dialog and click Save.
    5. Add people to the group. See Users, groups, and profiles.
  3. Add the Microsoft ADFS (MFA) application:

    1. Sign on to your Okta org as an administrator.
    2. In the Admin Console, go to Applications > Applications > Add Application and search for Microsoft ADFS (MFA).
    3. Click Add Application.
    4. Enter a unique name.
    5. On the Sign-On options page, ensure that OpenID Connect is selected and enter an appropriate Redirect URI, then click Done.

      Sign on options of the Microsoft ADFS application showing OpenID Connect enabled with a Redirect URI.

      Important

      Ensure that the Redirect URI ends with a trailing forward slash, for example https://yourdomain.com/.

    6. Select the Sign on tab of the newly created Microsoft ADFS application and confirm that the sign-on mode is OpenID Connect.

  4. Enable Cross-Origin Resource Sharing (CORS)

    Note

    For more information about CORS, see CORS Overview.

    1. Sign on to your Okta org as an administrator.
    2. Navigate to Security > API.
    3. Select the Trusted Origins tab, then click CORS.
    4. Click Add Origin.
    5. Enter the following information:
      • Name

      • Origin URL: This can be your ADFS service name.

      • Check the box for CORS Type, then click Save.
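
Two of the values entered in this procedure are easy to get subtly wrong: the Redirect URI of the Microsoft ADFS (MFA) application (which must carry the trailing slash called out above) and the Origin URL of the CORS trusted origin (which must be a bare scheme and host, not the full ADFS sign-in path). The following helper, added here as an example and not part of Okta's documentation or tooling, checks both and builds the request body that the Okta Trusted Origins API (POST /api/v1/trustedOrigins, with scopes of type CORS and REDIRECT) accepts, so the same trusted origin can be created from a script instead of the Admin Console. The domain names are constructed placeholders; the Okta org URL and API token are assumed to be supplied by the caller, and the request is built but not sent.

```python
"""Validate the ADFS (MFA) Redirect URI and derive the CORS trusted origin.

The Okta Trusted Origins endpoint (POST /api/v1/trustedOrigins) and its
body shape {"name", "origin", "scopes": [{"type": "CORS"|"REDIRECT"}]} are
the documented API; hostnames such as yourdomain.com are constructed
placeholders for this example.
"""
import json
from urllib.parse import urlsplit
from urllib.request import Request


def check_redirect_uri(uri: str) -> list:
    """Return the problems found with an ADFS (MFA) app Redirect URI; an empty list means it is acceptable."""
    problems = []
    parts = urlsplit(uri)
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if not parts.netloc:
        problems.append("missing host")
    # The procedure above requires the trailing slash, e.g. https://yourdomain.com/
    if not parts.path.endswith("/"):
        problems.append("must end with a trailing forward slash")
    if parts.query or parts.fragment:
        problems.append("must not contain a query string or fragment")
    return problems


def origin_from_service_name(service_name: str) -> str:
    """Reduce an ADFS service name or URL to the origin form Okta expects (scheme://host[:port], no path)."""
    # A bare service name such as adfs.yourdomain.com is treated as https
    url = service_name if "://" in service_name else "https://" + service_name
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("cannot derive an https origin from %r" % service_name)
    return "%s://%s" % (parts.scheme, parts.netloc)


def trusted_origin_payload(name: str, origin: str, cors: bool = True, redirect: bool = False) -> dict:
    """Build the body for POST /api/v1/trustedOrigins with the selected scope types."""
    scopes = []
    if cors:
        scopes.append({"type": "CORS"})
    if redirect:
        scopes.append({"type": "REDIRECT"})
    if not scopes:
        raise ValueError("at least one of cors or redirect must be enabled")
    return {"name": name, "origin": origin, "scopes": scopes}


def trusted_origin_request(okta_org_url: str, api_token: str, payload: dict) -> Request:
    """Prepare (but do not send) the authenticated request that creates the trusted origin."""
    return Request(
        okta_org_url.rstrip("/") + "/api/v1/trustedOrigins",
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={
            "Accept": "application/json",
            "Content-Type": "application/json",
            # Okta API tokens are sent with the SSWS scheme
            "Authorization": "SSWS " + api_token,
        },
    )


if __name__ == "__main__":
    # Constructed sample values; replace with your own org, ADFS service name and token.
    print(check_redirect_uri("https://yourdomain.com"))   # missing trailing slash
    print(check_redirect_uri("https://yourdomain.com/"))  # []
    origin = origin_from_service_name("https://adfs.yourdomain.com/adfs/ls/")
    body = trusted_origin_payload("ADFS MFA", origin)
    req = trusted_origin_request("https://example-org.okta.com", "<API_TOKEN_PLACEHOLDER>", body)
    print(req.full_url, req.data.decode())
```

Run `check_redirect_uri` against the value you intend to paste into the Sign-On options page before saving it; a non-empty list names what to fix. The request helper deliberately only assembles the call so the script can be reviewed (and the token kept out of source) before anyone grants it an API token with trusted-origin management rights.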