MFA for Active Directory Federation Services (ADFS)
This guide describes how to install the Okta Multifactor Authentication (MFA) provider for Active Directory Federation Services (ADFS) v3.0 and v4.0. With this feature, customers can use ADFS as their Identity Provider (IdP) to applications and also use Okta for MFA to provide a strong method of authentication for those applications. Review the list of prerequisites and assumptions before starting the installation. For information on enabling TLS 1.2 in .NET and in Microsoft Internet Explorer browsers, see Okta ends browser support for TLS 1.1.
Before you begin
Requirements for installing the Okta Credential Provider for Windows:
- Proxy Configuration: The Okta Credential Provider for Windows does not support a discrete proxy configuration but will obey system level proxy configurations. To understand management of proxies on Windows machines, refer to www.technet.com.
- The Windows machine used for installation must have an active internet connection with port 443 open.
- The installing account must have administrative rights to install the Okta Windows Credential Provider Agent, Visual C++ Redistributable and .NET 4.0+.
- Inline enrollment is not supported.
  End users must have enrolled their MFA tokens previously, by choosing an MFA option for their account when signing in to Okta the first time or after a reset. End users cannot enroll a token during an RDP sign-in. End users with unenrolled tokens receive an authentication failed response from Okta when attempting to sign in to an RDP server.

Important
TLS 1.2 is required. For information on enabling TLS 1.2 in .NET and in Microsoft Internet Explorer browsers, see Okta ends browser support for TLS 1.1.
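
The requirements above can be verified on the target server before running the installer. The following PowerShell pre-flight check is an added example, not part of Okta's documentation or tooling; the `$OktaOrgUrl` default is a placeholder for your own org URL, and the helper names `New-Check` and `Get-Status` are illustrative.

```powershell
# Added pre-flight check, not Okta's code. The default URL is a placeholder.
param([string]$OktaOrgUrl = 'https://your-org.example.com')

function New-Check($Name, $Status, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Status = $Status; Detail = "$Detail" }
}
function Get-Status([bool]$Ok) { if ($Ok) { 'PASS' } else { 'FAIL' } }
$checks = @()

# Installing account must have administrative rights (elevated session).
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal($id)).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
$checks += New-Check 'Administrative rights' (Get-Status $isAdmin) $id.Name

# .NET Framework 4.0 or later, full profile.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
$checks += New-Check '.NET 4.0+' (Get-Status ($ndp.Install -eq 1)) "Version $($ndp.Version)"

# SchUseStrongCrypto = 1 makes .NET 4.x applications negotiate TLS 1.2 by default.
# Reported as INFO: newer .NET versions may use TLS 1.2 without it.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319') {
    $v = (Get-ItemProperty $key -ErrorAction SilentlyContinue).SchUseStrongCrypto
    $checks += New-Check 'SchUseStrongCrypto' 'INFO' "$key = $(if ($null -eq $v) { 'not set' } else { $v })"
}

# Proxy that .NET resolves from system settings for this destination (no proxy: same URL back).
$uri = [Uri]$OktaOrgUrl
$checks += New-Check 'System proxy' 'INFO' ([Net.WebRequest]::GetSystemWebProxy().GetProxy($uri))

# Outbound HTTPS on port 443 with only TLS 1.2 allowed for this session.
try {
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]3072  # Tls12
    $req = [Net.WebRequest]::Create($uri); $req.Method = 'HEAD'; $req.Timeout = 10000
    $resp = $req.GetResponse()
    $checks += New-Check 'HTTPS 443 over TLS 1.2' 'PASS' "HTTP $([int]$resp.StatusCode)"
    $resp.Close()
} catch {
    $ex = $_.Exception
    while ($ex.InnerException -and ($ex -isnot [Net.WebException])) { $ex = $ex.InnerException }
    # An HTTP error status still means the TLS 1.2 handshake completed.
    $ok = ($ex -is [Net.WebException]) -and ($ex.Status -eq [Net.WebExceptionStatus]::ProtocolError)
    $checks += New-Check 'HTTPS 443 over TLS 1.2' (Get-Status $ok) $ex.Message
}

$checks | Format-Table Check, Status, Detail -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt on the server where the agent will be installed, passing your org URL with `-OktaOrgUrl`.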
Supported OS
The Okta Credential Provider for Windows agent can be installed on the following:
- Windows Server 2019 - v1.3.0 and later.
- Windows Server 2016
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2008
- Windows Server 2008 R2
Typical workflow
Task | Description |
---|---|
Download the agent | |
Configure Okta org | Enable and configure: |
Install the Okta ADFS Plugin on your ADFS Server | |
Enable the Okta MFA Provider in ADFS | |
Add Access Control Policy to a Relying Party Application | |
Assign the Microsoft ADFS (MFA) Application in Okta | |
Troubleshoot | |