Use Okta MFA claim with Security Defaults (not Microsoft Authenticator)

Josh Thompson 0 Reputation points
2024-05-17T20:18:09.0033333+00:00

We have multiple tenants, one of which is licensed and is configured to provision users from Okta. Our other tenants are free-tier and have Security Defaults enabled to enforce MFA. We invite employees at their Okta user email to become B2B Collaboration users in the free-tier tenants.

With this setup, our internal/employee users logging in to the Azure Portal of free-tier tenants where Security Defaults are turned on end up with the following authentication flow:

  1. redirected at login to authenticate with Office365 via Okta
  2. after successful authentication are redirected back to Azure
  3. users are prompted to register and use the Microsoft Authenticator app to satisfy MFA, despite the fact that Okta is configured to pass the MFA claim.

Is it possible in free-tier tenants with Security Defaults enabled to have Azure Portal accept the Okta MFA claim to satisfy the MFA requirement enforced by Security Defaults? This flow is forcing a third factor of authentication that is unnecessary with our use of Okta.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Andy David - MVP 143.6K Reputation points MVP
    2024-05-17T21:16:22.4866667+00:00