Install and configure Microsoft ADFS in Okta
Before installing the Okta Multifactor Authentication (MFA) provider for Active Directory Federation Services (ADFS) , you must:
- Select authentication factors
- Define the groups that will be authenticated by the Microsoft ADFS(MFA) application
- Add the Microsoft ADFS(MFA) application
- Enable Cross-Origin Resource Sharing
- Select authentication factors:
- In the Admin Console, go to Security > Multifactor.
- Select the Factor Types tab.
- Activate factors by selecting a factor and clicking Inactive > Activate.
Select authentication factorsSelect authentication factorsSelect authentication factors
See also MFA.
-
Define the groups that will be authenticated by the Microsoft ADFS(MFA) application:
- Sign in to your Okta tenant as an administrator.
- In the Admin Console, go to Directory > Groups.
- Click Add Group.
- Complete the fields in the Add group dialog and click Save.
- Add people to the group. See Users, groups, and profiles.
-
Add the Microsoft ADFS(MFA) application:
- Sign on to your Okta org as an administrator.
- In the Admin console go to Applications > Applications > Add Application, search for Microsoft ADFS (MFA).
- Click Add Application.
- Enter a unique name.
-
On the Sign-On options page, ensure the OpenID Connect is selected and enter an appropriate Redirect URI, then click Done.
Important
Ensure that the Redirect URI ends with a training forward slash. For example https://yourdomain.com/.
-
Select the Sign on tab of the newly created Microsoft ADFS application and confirm that the sign-on mode is OpenID Connect.
-
Enable Cross-Origin Resource Sharing (CORS)
- Sign on to your Okta org as an administrator.
- Navigate to Security > API.
- Select the Trusted Origins tab, then click CORS.
- Click Add Origin.
- Enter the following information:
Name
Origin URL: This can be your ADFS service name.
Check the box for CORS Type, then click Save.
