Configure Okta org

Before installing the Okta Multifactor Authentication (MFA) provider for Active Directory Federation Services (ADFS) , you must:

The following sections detail each of these requirements.

Configure factors

To select factors within your Okta org:

MFA management is outside the scope of this document. For more information, see MFA.

To define groups within your Okta org:

Sign in to your Okta tenant as an administrator.
In the Admin Console, navigate to Directory > Groups.
Click Add Group.
Click the name of the newly added group and use the various menu items to add members and manage group membership.
User and group management is outside the scope of this document.
For general information see Users, Groups, and Profiles

Sign on to your Okta org as an administrator.
Navigate to Applications > Applications, then click Add Application.
Search for the Microsoft ADFS (MFA) application, and then click Add.
On the General tab for the Microsoft ADFS app, specify an Application Label relevant to your organization, then click Next.
On the Sign-On options page, ensure the OpenID Connect is selected and enter an appropriate Redirect URI, then click Done.

Important

Ensure that the Redirect URI ends with a training forward slash. For example https://yourdomain.com/.
Select the Sign on tab of the newly created Microsoft ADFS application and confirm that the sign-on mode is OpenID Connect.

Note

For more information about CORS, see CORS Overview.

Login into your Okta org as an administrator.
Navigate to Security > API.
Select the Trusted Origins tab, then click CORS.
Select Add Origin.
Enter the following information:
- Name
- Origin URL: This can be your ADFS service name.
- Check the box for CORS Type, then click Save.