Configure Okta org
Before installing the Okta Multifactor Authentication (MFA) provider for Active Directory Federation Services (ADFS), you must:
- Configure factors to use with ADFS.
- Configure a group for the end users who will authenticate sign-ins.
- Configure the application.
- Enable Cross-Origin Resource Sharing (CORS).
The following sections detail each of these requirements.
Configure factors
To select factors within your Okta org:
- Sign in to your Okta tenant as an administrator.
- In the Admin Console, navigate to Security > Multifactor.
- Select the Factor Types tab.
- Activate factors by selecting a factor and clicking Inactive > Activate.

MFA management is outside the scope of this document. For more information, see MFA.
Configure group
To define groups within your Okta org:
- Sign in to your Okta tenant as an administrator.
- In the Admin Console, navigate to Directory > Groups.
- Click Add Group.
- Click the name of the newly added group and use the various menu items to add members and manage group membership.
User and group management is outside the scope of this document.
For general information, see Users, Groups, and Profiles.
Configure application
- Sign on to your Okta org as an administrator.
- Navigate to Applications > Applications, then click Add Application.
- Search for the Microsoft ADFS (MFA) application, and then click Add.
- On the General tab for the Microsoft ADFS app, specify an Application Label relevant to your organization, then click Next.
- On the Sign-On options page, ensure that OpenID Connect is selected and enter an appropriate Redirect URI, then click Done.
  Important: Ensure that the Redirect URI ends with a trailing forward slash. For example, https://yourdomain.com/.
- Select the Sign on tab of the newly created Microsoft ADFS application and confirm that the sign-on mode is OpenID Connect.
Enable Cross-Origin Resource Sharing (CORS)
- Sign in to your Okta org as an administrator.
- Navigate to Security > API.
- Select the Trusted Origins tab, then click CORS.
- Select Add Origin.
- Enter the following information:
  - Name
  - Origin URL: This can be your ADFS service name.
- Check the box for CORS Type, then click Save.
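
A pre-flight check for the two URL values entered in the steps above (the Redirect URI and the CORS Origin URL), as an added example that is not part of the original Okta documentation. The function names and the sample host `adfs.example.com` are hypothetical, the HTTPS requirement is an assumption, and the origin rule (scheme, host and optional port, with no path) comes from the general definition of a web origin rather than from this page.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def check_redirect_uri(uri: str) -> list[str]:
    """Return the problems found in a Redirect URI (empty list means OK)."""
    problems = []
    parts = urlsplit(uri)
    if parts.scheme != "https":
        # Assumption: the ADFS service is only reachable over HTTPS.
        problems.append("scheme is not https")
    if not parts.hostname:
        problems.append("missing host")
    if not uri.endswith("/"):
        # The requirement called out in the Important note above.
        problems.append("missing trailing forward slash")
    if parts.query or parts.fragment:
        problems.append("contains a query string or fragment")
    return problems


def cors_origin(url: str) -> str:
    """Reduce a URL to its origin: scheme://host[:port], no path or slash."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    host = parts.hostname  # urlsplit already lower-cases the host
    if ":" in host:
        host = f"[{host}]"  # IPv6 literals keep their brackets
    port = parts.port
    if port is None or port == DEFAULT_PORTS[parts.scheme]:
        return f"{parts.scheme}://{host}"  # default port is omitted
    return f"{parts.scheme}://{host}:{port}"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for candidate in ("https://yourdomain.com/", "https://yourdomain.com"):
        print(candidate, "->", check_redirect_uri(candidate) or "OK")
    print(cors_origin("https://ADFS.example.com:443/adfs/ls/"))
```

The Redirect URI and the Origin URL follow opposite conventions: the first must end in a slash, while an origin carries no path at all.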