Install and configure Microsoft ADFS in Okta
Before installing the Okta Multifactor Authentication (MFA) provider for Active Directory Federation Services (ADFS), you must do the following:
- Select authentication factors
- Define which groups use the Microsoft ADFS (MFA) app for authentication
- Add the Microsoft ADFS (MFA) app
- Enable Cross-Origin Resource Sharing
Okta orgs that aren't configured to support OpenID Connect and Single Sign-On can still install and configure Microsoft ADFS, but must use MFA as a service.
Select authentication factors:
- In the Admin Console, go to .
- Click Add authenticator.
- Click Add on the authenticator that you want to add. At a minimum, add Okta Verify.
- Configure the authenticator and then click Add.
- In the Actions menu, choose Edit to configure more settings.
Define which groups to authenticate using the Microsoft ADFS (MFA) app:
- In the Admin Console, go to .
- Click Add Group.
- Complete the fields and then click Save.
- Add people to the group. See Users, groups, and profiles.
Add the Microsoft ADFS (MFA) app:
- Sign in to your Okta org as an admin.
- In the Admin Console, go to .
- Click Browse App Catalog.
- Search for and select Microsoft ADFS (MFA), and then click Add Integration.
- Enter a unique app label.
- Click Next.
For Okta orgs that are enabled for OpenID Connect and Single Sign-On:
- On the Sign-On Options page, select OpenID Connect and enter an appropriate Redirect URI. Click Done.
Ensure that the redirect URI ends with a forward slash. For example, https://yourdomain.com/
For Okta orgs that aren't enabled for OpenID Connect and Single Sign-On:
- Go to the Sign On tab and ensure that MFA as a service is selected.
- Go to the General tab and note the values of the Client ID and Client secret. These values are required during the Install the Okta ADFS Plugin on your ADFS Server task.
- Follow the steps to modify the configuration and confirm that useOIDC is set to false, or set it to false. You must restart the agent after making any configuration changes.
Enable Cross-Origin Resource Sharing (CORS)
For more information about CORS, see CORS Overview.
- In the Admin Console, go to .
- Select the Trusted Origins tab, and then click CORS.
- Click Add Origin.
- Enter the following information:
  - Name
  - Origin URL: This can be your ADFS service name.
- Select the CORS checkbox, and then click Save.
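The following is an added pre-flight check, not Okta's code and not part of this page, for the two values an admin copies into these steps: the Redirect URI entered on the Sign-On Options page (which must end with a forward slash) and the Origin URL entered here under Trusted Origins. The sample values are constructed, and the code assumes that the ADFS sign-in page is served from the same origin as the redirect URI.

```python
from urllib.parse import urlsplit

# Constructed sample values for this example; they are not from any real org.
# REDIRECT_URI is the value entered on the Sign-On Options page, TRUSTED_ORIGIN
# the Origin URL entered under Trusted Origins > CORS.
REDIRECT_URI = "https://adfs.example.com/adfs/ls/"
TRUSTED_ORIGIN = "https://adfs.example.com"


def check_redirect_uri(uri: str) -> list[str]:
    """Return the problems found in the OpenID Connect redirect URI.

    The Okta page requires a trailing forward slash; https and a host are
    required for the federation endpoint to be reachable at all.
    """
    parts = urlsplit(uri)
    problems = []
    if parts.scheme != "https":
        problems.append("redirect URI must use https")
    if not parts.netloc:
        problems.append("redirect URI has no host")
    if not parts.path.endswith("/"):
        problems.append("redirect URI must end with a forward slash")
    if parts.query or parts.fragment:
        problems.append("redirect URI must not carry a query or fragment")
    return problems


def origin_of(url: str) -> str:
    """Reduce a URL to the browser origin (scheme://host[:port]) that CORS
    compares, dropping any path, query or fragment."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_trusted_origin(origin: str, redirect_uri: str) -> list[str]:
    """Return the problems found in the CORS trusted-origin entry.

    Browsers compare origins by scheme, host and port only, so a path in
    the entry (even a lone "/") is a sign it was copied from a full URL.
    Assumption: the ADFS sign-in page lives on the redirect URI's origin,
    so the two must agree or the browser blocks the cross-origin call.
    """
    parts = urlsplit(origin)
    problems = []
    if parts.path or parts.query or parts.fragment:
        problems.append("origin URL must not contain a path, query or fragment")
    if origin_of(origin) != origin_of(redirect_uri):
        problems.append(f"origin {origin_of(origin)} differs from redirect URI origin {origin_of(redirect_uri)}")
    return problems
```

Run both checks on the values before saving them; an empty list from each means the redirect URI and the trusted origin are consistent with each other and with the requirements in the steps above.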