How to use Okta as IdP and Azure as SP - SAML setup for B2B collaboration

Ramya Kamalanath 21 Reputation points
2020-11-11T11:13:51.687+00:00

Hi Team

I have an app hosted on Azure. I want to set up B2B collaboration with Okta.

Okta will be the IdP. I need to set up B2B collaboration with Azure.

Here is what I have created: a SAML 2.0 application on Okta, with the appropriate users added.

(Could you please provide examples I could reference for the Single sign-on URL, the Audience URI (SP Entity ID), and all the other SAML settings so that this works seamlessly with Azure?)

On Azure

External Identities --> New SAML connection --> added a dummy domain and the metadata file obtained from Okta

In App registration, what should my redirect URI be?

So a user on the dummy domain from Okta is getting authenticated but is redirected to a page that says "SAML 2.0 assertion token failed".

Could you please provide links/examples?

Regards

Ramya

Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
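The "SAML 2.0 assertion token failed" page is what an SP shows when the assertion fails one of its checks. The following script, added here as an illustration and not part of the original question or of any Microsoft or Okta code, runs the checks an SP applies before it accepts an assertion: status code, Destination, Issuer, presence of a signature, NameID format, Audience, and the NotBefore/NotOnOrAfter window. The expected issuer, audience and ACS are parameters you take from your own configuration (the entityID in the Okta metadata, and the Single sign-on URL and Audience URI you set on the Okta app); the values, the sample response and the dummy signature below are constructed placeholders, not values the thread confirms for Azure AD.

```python
"""Pre-flight checks an SP applies to a SAML 2.0 Response before accepting
the assertion.  Expected issuer/audience/ACS come from the SP configuration;
everything below is a constructed placeholder.  XML-DSig verification needs
the IdP signing certificate and an xmlsec library, so this only checks that
a Signature element is present at all."""
import datetime as dt
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed placeholders; substitute the values from the Okta metadata and the SP config.
OKTA_ISSUER = "http://www.okta.com/exkEXAMPLEID"  # entityID in the Okta IdP metadata
SP_AUDIENCE = "urn:example:sp-entity-id"          # Audience URI (SP Entity ID) set on the Okta app
SP_ACS = "https://sp.example.com/saml/acs"        # Single sign-on URL (ACS) set on the Okta app
SAMPLE_NOW = dt.datetime(2020, 11, 11, 11, 0, 0, tzinfo=dt.timezone.utc)

# Constructed sample response (the signature value is a dummy); not a real Okta capture.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_r1" Version="2.0" IssueInstant="2020-11-11T11:00:00Z"
    Destination="{SP_ACS}">
  <saml:Issuer>{OKTA_ISSUER}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{STATUS_SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-11-11T11:00:00Z">
    <saml:Issuer>{OKTA_ISSUER}</saml:Issuer>
    <ds:Signature><ds:SignatureValue>ZHVtbXk=</ds:SignatureValue></ds:Signature>
    <saml:Subject>
      <saml:NameID Format="{EMAIL_FORMAT}">alice@partner.example</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2020-11-11T10:55:00Z" NotOnOrAfter="2020-11-11T11:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_AUDIENCE}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def _ts(value):
    """Parse a SAML UTC timestamp such as 2020-11-11T11:00:00Z."""
    return dt.datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)


def check_saml_response(xml_text, expected_issuer, expected_audience, expected_acs, now):
    """Return a list of problems found; an empty list means every check passed."""
    problems = []
    root = ET.fromstring(xml_text)  # expat does not fetch external entities, so no XXE here
    if root.tag != f"{{{NS['samlp']}}}Response":
        return [f"root element is {root.tag}, expected samlp:Response"]
    destination = root.get("Destination")
    if destination is not None and destination != expected_acs:
        problems.append(f"Destination {destination} is not the SP's ACS {expected_acs}")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != STATUS_SUCCESS:
        problems.append("StatusCode is not Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        kind = "encrypted" if root.find("saml:EncryptedAssertion", NS) is not None else "missing"
        return problems + [f"assertion is {kind}; nothing to check in the clear"]
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        problems.append(f"assertion Issuer {issuer!r} does not match expected {expected_issuer!r}")
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither the Response nor the Assertion carries a ds:Signature")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("Subject has no NameID")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID Format is {name_id.get('Format')}, expected {EMAIL_FORMAT}")
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        problems.append("assertion has no Conditions element")
        return problems
    audiences = [a.text.strip() for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        problems.append(f"audience {audiences} does not include expected {expected_audience!r}")
    not_before, not_on_or_after = conditions.get("NotBefore"), conditions.get("NotOnOrAfter")
    if not_before and now < _ts(not_before):
        problems.append(f"assertion not yet valid (NotBefore {not_before}); check clock skew")
    if not_on_or_after and now >= _ts(not_on_or_after):
        problems.append(f"assertion expired (NotOnOrAfter {not_on_or_after}); check clock skew")
    return problems


if __name__ == "__main__":
    for label, audience in (("correct audience", SP_AUDIENCE), ("wrong audience", "urn:example:other-sp")):
        print(label, check_saml_response(SAMPLE_RESPONSE, OKTA_ISSUER, audience, SP_ACS, SAMPLE_NOW) or "ok")
```

To use it on a real failure, base64-decode the SAMLResponse form field from the browser's POST to the ACS (a browser SAML tracer extension shows it) and pass the XML in with the issuer, audience and ACS values you actually configured; the first mismatch it reports is usually the setting to fix.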

Accepted answer
  1. soumi-MSFT 11,761 Reputation points Microsoft Employee
    2020-11-11T14:04:09.983+00:00

    Hello @Ramya Kamalanath , thank you for sharing the details. Ideally, the redirect URI for any app has to be provided by the application team as it's the URI where the app expects to receive the token from AAD or any other IDP. Hence it is something that the application team should have an understanding of.

    Now, coming to the bigger question of adding Okta as an IdP on Azure AD: for that we can go by the general understanding of adding Okta as the external identity provider on AAD and creating a claims provider trust with it; on Okta's end, AAD would be the relying party.

    To do that, I guess you can try checking the steps mentioned in this article, where you would add O365 as an RP to Okta: https://help.okta.com/en/prod/Content/Topics/Apps/Office365-Deployment/deploy-main.htm
    Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

    Hope this helps.

    Do let us know if this helps, and if there are any more queries around this, please let us know so that we can help you further. Also, please do not forget to accept the response as an Answer if the above response helped in answering your query.


4 additional answers

  1. Falcon Darkstar Momot 6 Reputation points
    2021-05-04T00:12:16.313+00:00

    I did, and I wrote up what I did at https://serverfault.com/a/1062334/126699 if anyone wants.

    1 person found this answer helpful.

  2. Ramya Kamalanath 21 Reputation points
    2020-11-12T13:03:21.947+00:00

    Thanks soumi for answering my question :)

    The reference site that you have shared is for O365, but I'm looking for something different. I have created a web application on Azure and deployed a simple .NET Core project that displays the home page upon a successful URL. Authentication and authorization are happening from Azure.

    My requirement is: I have users on Okta, and now I want authentication and authorization to happen from Okta, and upon success I should let only these users access the web application that I have created.
    I have created an OpenID Connect web application on Okta and configured the login URL, and used the ClientID and secret in the code and published it to the site hosted on Azure.

    Using this directly in Startup.cs has worked for me:

    // usings needed at the top of Startup.cs (package Microsoft.AspNetCore.Authentication.OpenIdConnect):
    using Microsoft.AspNetCore.Authentication.Cookies;
    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.IdentityModel.Tokens;

    // in ConfigureServices; Configure() must also call app.UseAuthentication() before app.UseAuthorization()
    services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;   // session cookie after sign-in
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; // redirect to Okta to sign in
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        options.ClientId = "";                                   // client ID of the Okta OIDC web app
        options.ClientSecret = "";                               // its client secret (keep out of source control)
        options.Authority = "https://domain.okta.com";           // Okta org; discovery and issuer validation use it
        options.CallbackPath = "/authorization-code/callback";   // must match the sign-in redirect URI registered in Okta
        options.ResponseType = "code";                           // authorization-code flow
        options.SaveTokens = true;
        options.UseTokenLifetime = false;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("openid");
        options.Scope.Add("profile");
        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name"
        };
    });

    But I want to add Okta as an Identity Provider on Azure. How do I achieve it?


  3. Lavanya Murthy 1 Reputation point Microsoft Employee
    2021-03-18T19:50:54.797+00:00

    @Ramya Kamalanath

    Did you ever get the direct federation with Okta working? If so, can you please share the details?


  4. ketan shah 1 Reputation point
    2022-09-11T13:59:07.723+00:00

    Hey @Falcon Darkstar Momot, can you please let me know if this can work with a developer subscription/account with Okta? Something like https://dev-3841111.okta.com/. The reason I ask is because the domain is okta.com, and I am more than 100% sure that it is already registered, which means I can't use the above, am I right? For developers, do you know a quick workaround/solution to test Okta as an IdP with Azure AD?
