Integration of Azure with OKTA using OIDC

Yuvashri Jayakumar 21 Reputation points
2020-08-08T17:39:01.83+00:00

How do we integrate Azure with OKTA using OIDC.

My requirement is to accessing protected application and it redirects to OKTA. This passes to Azure for authentication. Once the user info is valid, then it redirects to the protected web application.

Here Azure acts as a IDP and OKTA as a federation provider. I have created a IDP in OKTA using OpenID connect provider. Then I have created an application in Azure Active Directory. In the IDP for the application, I have chosen OpenID connect and mapped the details of OKTA client Id and secret. But its not working.

I have tried using SAML. Its working fine. But I need to integrate both using the OIDC only.

I appreciate any help on this.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,874 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,465 questions
0 comments
Accepted answer
  1. soumi-MSFT 11,716 Reputation points Microsoft Employee
    2020-08-10T05:48:54.043+00:00

    @Yuvashri Jayakumar , Thank you for reaching out. Inorder to create add Azure AD as the IDP to OKTA, you need to make sure that the details of OKTA like RedirectURI is properly set in Azure. you can follow the steps mentioned below:

    1. The first step is to create an App registration and you can find the steps here.
    2. In the Redirect URI section of the page, paste the Okta redirect URI. The redirect URI sent in the authorize request from the client needs to match the redirect URI in the Identity Provider (IdP). This is the URL where the IdP returns the authentication response (the access token and the ID token). It needs to be a secure domain that you own. This URL has the same structure for most Identity Providers in Okta and is constructed using your Okta subdomain and then the callback endpoint.

    For example, if your Okta subdomain is called company, then the URL would be: https://company.okta.com/oauth2/v1/authorize/callback. If you have configured a custom domain in your Okta Org, use that value to construct your redirect URI, such as https://login.company.com/oauth2/v1/authorize/callback. 3. Copy the Application ID value so that you can add it to the Okta configuration. 4. Under Certificates & secrets of your App registration in AAD, click New client secret to generate a client secret for your app. Copy the value so that you can add it to the Okta configuration. This is the secret that corresponds to your Application ID.

    For Registering Azure AD as the IDP in OKTA, you would need to get the following details from Azure AD and feed it in OKTA.

    1. On the app Overview page, click Endpoints.
    2. In the panel that appears, copy the OpenID Connect metadata document URL and then paste that URL into a browser window to obtain the following endpoints: 
      - issuer
- authorization_endpoint
- token_endpoint
- jwks_uri

    Once you have the following details, you can follow the steps mentioned in the below article to configure Azure AD as IDP in OKTA: https://developer.okta.com/docs/guides/add-an-external-idp/azure/configure-idp-in-okta/

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest