Configure Okta org

Before installing the Okta Multifactor Authentication (MFA) provider for Active Directory Federation Services (ADFS), you must:

The following sections detail each of these requirements.

Configure factors

To select factors within your Okta org:

  1. Sign in to your Okta tenant as an administrator.
  2. In the Admin Console, navigate to Security > Multifactor.
  3. Select the Factor Types tab.
  4. Activate factors by selecting a factor and clicking Inactive > Activate.
Note

MFA management is outside the scope of this document. For more information, see MFA.

Configure group

To define groups within your Okta org:

  1. Sign in to your Okta tenant as an administrator.
  2. Navigate to Directory > Groups.
  3. Click Add Group.
  4. Click the name of the newly added group and use the various menu items to add members and manage group membership.
    Info

    User and group management is outside the scope of this document.
    For general information, see Users, Groups, and Profiles.

Configure application

  1. Sign in to your Okta org as an administrator.
  2. In Okta, navigate to Applications > Applications > Add Application, search for Microsoft ADFS (MFA), and then click Add Application.
  3. Enter a unique name.
  4. On the Sign-On options page, ensure that OpenID Connect is selected and enter an appropriate Redirect URI, then click Done.

    Sign on options of the Microsoft ADFS application showing OpenID Connect enabled with a Redirect URI.

    Important

    Ensure that the Redirect URI ends with a trailing forward slash. For example, https://yourdomain.com/.

  5. Select the Sign on tab of the newly created Microsoft ADFS application and confirm that the sign-on mode is OpenID Connect.

Enable Cross-Origin Resource Sharing (CORS)

Note

For more information about CORS, see CORS Overview.

  1. Sign in to your Okta org as an administrator.
  2. Navigate to Security > API.
  3. Select the Trusted Origins tab, then click CORS.

  4. Click Add Origin.
  5. Enter the following information:
    • Name

    • Origin URL: This can be your ADFS service name.

    • Check the box for CORS Type, then click Save.
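
A pre-flight check for the two URL values entered above, the Redirect URI (trailing forward slash) and the Trusted Origin URL, before they are typed into the Admin Console. This is an added example, not Okta's code; the function names are hypothetical, and the https requirement and the comparison of the origin with the Redirect URI host are assumptions (both values are taken to point at the same ADFS service).

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def browser_origin(url):
    """scheme://host[:port] as a browser sends it in the Origin header."""
    p = urlsplit(url)
    if p.scheme not in DEFAULT_PORTS or not p.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    host = f"[{p.hostname}]" if ":" in p.hostname else p.hostname  # IPv6 literal
    if p.port in (None, DEFAULT_PORTS[p.scheme]):
        return f"{p.scheme}://{host}"
    return f"{p.scheme}://{host}:{p.port}"

def check_redirect_uri(uri):
    """Problems with the Redirect URI entered on the Sign-On options page."""
    p, problems = urlsplit(uri), []
    if p.scheme != "https" or not p.hostname:
        problems.append("use an absolute https:// URI")  # assumption: TLS only
    if p.query or p.fragment:
        problems.append("remove the query string or fragment")
    if not uri.endswith("/"):
        problems.append("add the trailing forward slash")
    return problems

def check_trusted_origin(origin_url, redirect_uri):
    """Problems with the Origin URL entered on the Trusted Origins tab."""
    problems = []
    if "*" in origin_url:
        problems.append("name one exact origin instead of a wildcard")
    p = urlsplit(origin_url)
    if p.path not in ("", "/") or p.query or p.fragment:
        problems.append("an origin is scheme://host[:port] with no path or query")
    try:
        # Assumption: both values refer to the same ADFS service host.
        if browser_origin(origin_url) != browser_origin(redirect_uri):
            problems.append("origin does not match the Redirect URI host")
    except ValueError as exc:
        problems.append(str(exc))
    return problems

if __name__ == "__main__":
    # Constructed sample values; replace with your own ADFS service name.
    redirect, origin = "https://yourdomain.com", "https://yourdomain.com/adfs/ls"
    for label, found in (("Redirect URI", check_redirect_uri(redirect)),
                         ("Trusted Origin", check_trusted_origin(origin, redirect))):
        print(label, "OK" if not found else found)
```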