If you turn off this feature, you must manually set the SupportsMfa setting to false for all domains that were automatically federated in Okta with this feature enabled. For the option Okta MFA from Azure AD, ensure that Enable for this application is unchecked and click Save. By setting up MFA, you add an extra layer of security to your Microsoft 365 account sign-in.From the Okta Admin Console, go to Applications > Applications.To disable the feature, complete the following steps: Azure AD Conditional Access accepts the Okta MFA claim and allows the user to sign in without requiring them to complete the AD MFA. So although the user isn't prompted for the MFA, Okta sends a successful MFA claim to Azure AD Conditional Access. This happens when the Office 365 sign-on policy excludes certain end users (individuals or groups) from the MFA requirement. Okta incorrectly sends a successful MFA claim accounts using multi-factor authentication, passwordless, or password autofill. To get out of the resulting infinite loop, the user must re-open the web browser and complete MFA again. Download Microsoft Authenticator and enjoy it on your iPhone, iPad. Choose either Yes or No at the prompt (either is acceptable) as shown below. If the user completes MFA in Okta but doesn’t immediately access the Office 365 app, Okta doesn’t pass the MFA claim. Go to Intel Azure Portal / My Apps and sign in with your email address and password. The user doesn't immediately access Office 365 after MFA. To safeguard access to data and applications, users can avail Azure AD multi-factor authentication (MFA) with SecureW2s Cloud RADIUS and connect to a VPN. But again, Azure AD Conditional Access requires MFA and expects Okta to pass the completed MFA claim. If the user is signing in from a network that’s In Zone, they aren't prompted for the MFA. The sign-on policy doesn’t require MFA when the user signs in from an "In Zone" network but requires MFA when the user signs in from a network that is "Not in Zone" However, Azure AD Conditional Access requires MFA and expects Okta to pass the completed MFA claim. Neither the org-level nor the app-level sign-on policy requires MFA. Okta sign-on policy is weaker than the Azure AD policy: End users can enter an infinite sign-in loop in the following scenarios:
0 Comments
Leave a Reply. |