That's something that will require a CA policy and the corresponding licenses (P1/P2).
Use Okta MFA claim with Security Defaults (not Microsoft Authenticator)
We have multiple tenants, one of which is licensed and is configured to provision users from Okta. Our other tenants are free-tier and have Security Defaults enabled to enforce MFA. We invite employees at their Okta user email to become B2B Collaboration users in the free-tier tenants.
With this setup, our internal/employee users logging in to the Azure Portal of free-tier tenants where Security Defaults are turned on end up with the following authentication flow:
- redirected at login to authenticate with Office365 via Okta
- after successful authentication are redirected back to Azure
- users are prompted to register and use Microsoft Authenticator app to satisfy MFA, despite the fact that Okta is configured to pass the MFA claim.
Is it possible in free-tier tenants with Security Defaults enabled to have Azure Portal accept the Okta MFA claim to satisfy the MFA requirement enforced by Security Defaults? This flow is forcing a third factor of authentication that is unnecessary with our use of Okta.