How to configure Okta with Azure AD to access an enterprise application which is in Azure AD?

velraj0310 1 Reputation point
2022-06-10T13:16:59.257+00:00

I am new to Azure as well as Okta and am looking forward to doing the same configuration which you mentioned.

I have created an application under Enterprise applications in Azure AD and assigned users from Azure AD; they are authenticated using the OpenID Connect protocol. Now I want users from Okta who do not have Azure AD accounts to access this application and authenticate using their Okta credentials. In short, the application in Azure AD should be accessible by both Azure and Okta users.

Kindly help me to configure/federate/migrate/integrate... whatever it takes, step by step.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator
    2022-06-15T13:45:49.283+00:00

    @velraj0310

    Thank you for reaching out to us. As per your query, you have configured an application in Azure AD for authentication. Now there are Azure AD users who can access the application without any issues. But you also have other users who use OKTA as their identity provider.
    You want those other users who use OKTA to also access this application which is configured in Azure AD.

    To achieve this you can make use of Azure AD B2B collaboration, so that users who are external to Azure AD can also access the application.
    With this method, authentication will still be done by OKTA, but the user will be able to access the application as their identity gets provisioned in Azure AD as a guest.

    Azure Active Directory (Azure AD) B2B collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with external users.

    With Azure AD B2B, the partner uses their own identity management solution, so there is no external administrative overhead for your organization. Guest users sign in to your apps and services with their own work, school, or social identities.

    - The partner uses their own identities and credentials, whether or not they have an Azure AD account.
    - You don't need to manage external accounts or passwords.
    - You don't need to sync accounts or manage account lifecycles.

    You can refer to the article below to learn about B2B collaboration and how you can configure it in Azure AD:
    https://learn.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b#collaborate-with-any-partner-using-their-identities

    As per your query, since the other users use OKTA as their identity provider, you will have to configure "Federation with SAML/WS-Fed identity providers for guest users". You can refer to the article below to configure this:
    https://learn.microsoft.com/en-us/azure/active-directory/external-identities/direct-federation

    Do let me know if you have any further questions.
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.
