This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 2%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hi, will Azure AD work for B2B user's if we have federation enabled with okta ? We have Okta as primary IdP. Is there any issue or limitation when Okta is in-place and Azure AD b2b federation is enabled ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 56.00000000000001%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Yes, you can fallow this link https://www.linkedin.com/pulse/integration-okta-idp-microsoft-azure-ad-b2b-carlos-segura-vidal-juope
Hi, It should work using the model:
However, you probably will need to talk to Okta support to get the exact steps on how to configure.
Example:
https://help.okta.com/en-us/Content/Topics/Apps/Office365-Deployment/deploy-main.htm
Thank you for reaching out to us. As per your query you have configured an application in Azure AD for authentication. Now there are Azure AD user who can access the application without any issues. But you also have other users who use OKTA as Identity provider.
You want other users who use OKTA also to access this application which is configured in Azure AD.
To achieve this you can make use of Azure AD B2B collaboration, so that users who are external to Azure AD can also access the application.
With this method, authentication is still be done by OKTA, but user will be able to access the application as there identity will get provisioned in Azure AD as guest.
Azure Active Directory (Azure AD) B2B collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with external users.
With Azure AD B2B, the partner uses their own identity management solution, so there is no external administrative overhead for your organization. Guest users sign in to your apps and services with their own work, school, or social identities.
You can refer below articles to know about B2B collaboration and how you can configure it in Azure AD,
As per your query as there are other users using OKTA as identity provider, you will have to configure “Federation with SAML/WS-Fed identity providers for guest users”. You can refer below article to configure this,
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/direct-federation
Please do let me know if you have any queries in the comments section.
Thanks,
Akshay Kaushik
Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.
Hi Akshay,
Thanks for responding and looking into the query.
My concern is that for O365 apps like Teams, SharePoint and OneDrive can user access these apps if user id is not created as guest account in my Azure AD Tenant. However the user id is in my Okta directory as B2B. So in this case will it work ? User id is not present in the Azure AD Tenant however it is only present in Okta directory.
For example Teams collaboration will it work in this scenario also ?