{"id":1513,"date":"2024-10-23T13:39:38","date_gmt":"2024-10-23T08:09:38","guid":{"rendered":"https:\/\/www.enhisecure.com\/isecureblog\/?p=1513"},"modified":"2024-11-14T20:57:24","modified_gmt":"2024-11-14T15:27:24","slug":"microsoft-365-sso-integration-using-okta","status":"publish","type":"post","link":"https:\/\/www.enhisecure.com\/isecureblog\/2024\/10\/23\/microsoft-365-sso-integration-using-okta\/","title":{"rendered":"Microsoft 365 SSO Integration using Okta"},"content":{"rendered":"\n<ul class=\"wp-block-list\">\n<li style=\"font-style:normal;font-weight:600\" class=\"has-medium-font-size\">Overview<\/li>\n\n\n\n<li style=\"font-style:normal;font-weight:600\" class=\"has-medium-font-size\">Prerequisites<\/li>\n\n\n\n<li style=\"font-style:normal;font-weight:600\" class=\"has-medium-font-size\">Use Case Overview &#8211; Integration flow<\/li>\n\n\n\n<li style=\"font-style:normal;font-weight:600\" class=\"has-medium-font-size\">Technical Walkthrough<\/li>\n\n\n\n<li style=\"font-style:normal;font-weight:600\" class=\"has-medium-font-size\">Conclusion<\/li>\n\n\n\n<li style=\"font-style:normal;font-weight:600\" class=\"has-medium-font-size\">Reference Links<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading has-vivid-cyan-blue-color has-text-color has-link-color wp-elements-21d288149c38f2c33eb917416cef376c\">Overview:<\/h2>\n\n\n\n<p>Most organizations rely on <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows-server\/identity\/ad-ds\/get-started\/virtual-dc\/active-directory-domain-services-overview\">Microsoft Active Directory Services<\/a> or <a href=\"https:\/\/www.okta.com\/identity-101\/what-is-ldap\/\">LDAP<\/a> as a centralized store for identities &amp; access permissions. The majority of on-prem applications rely on these services to authenticate and authorize actions.
But with cloud-based applications, where each application has its own identity profiles, it is challenging for the administrator to manage the user accounts, and it is equally challenging for the end user to use multiple identities for multiple applications.<\/p>\n\n\n\n<p>Okta provides a solution to utilize the existing <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows-server\/identity\/ad-ds\/get-started\/virtual-dc\/active-directory-domain-services-overview\">Microsoft Active Directory Services<\/a> \/ <a href=\"https:\/\/www.okta.com\/identity-101\/what-is-ldap\/\">LDAP<\/a> services to access the SaaS applications through Active Directory \/ LDAP integration. This gives users a single dashboard to access the applications using their existing credentials, and gives administrators a centralized service to handle lifecycle management.<\/p>\n\n\n\n<p>In this section, we will integrate an existing on-premises Active Directory with Okta and let Okta provision the user accounts for us in the Microsoft 365 tenant.<\/p>\n\n\n\n<p>To simulate this in our lab environment, we\u2019ll need access to 3 entities &amp; a few prerequisites.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Okta Tenant.<\/li>\n\n\n\n<li>Member Server for Okta Active Directory Agent Installation.<\/li>\n\n\n\n<li>Microsoft 365 tenant.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading has-vivid-cyan-blue-color has-text-color has-link-color wp-elements-2095310e6c7de90726c69765a720264b\">Prerequisites:<\/h2>\n\n\n\n<p class=\"has-vivid-cyan-blue-color has-text-color has-link-color wp-elements-efffe07e8b92136edec6f5ff5fc74d69\">Okta Tenant:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An account with Super Admin role privileges.<\/li>\n<\/ul>\n\n\n\n<p class=\"has-vivid-cyan-blue-color has-text-color has-link-color wp-elements-486448b7d3047cd62a346b5f9a0eb421\">Member Server for Okta Active Directory Agent Installation:<\/p>\n\n\n\n<ul
class=\"wp-block-list\">\n<li>The host server should have at least two CPUs and a minimum of 8 GB RAM.<\/li>\n\n\n\n<li>A host server running Windows Server 2016 &amp; above is supported.<\/li>\n\n\n\n<li>.NET Framework 4.6.2 and above is supported.<\/li>\n\n\n\n<li>The host server should be a member server that is part of the same domain.<\/li>\n\n\n\n<li>The Okta agent installation wizard should be executed from the host server.<\/li>\n<\/ul>\n\n\n\n<p class=\"has-vivid-cyan-blue-color has-text-color has-link-color wp-elements-fc0a328de7b2da471121c56bbf1bd3df\">Microsoft 365 Tenant:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Microsoft 365 tenant name \u2013 This is the default tenant name registered as \u201c<strong>companyname<\/strong>.onmicrosoft.com\u201d<\/li>\n\n\n\n<li>Microsoft 365 domain \u2013 This is the custom domain which is chosen for federation.<\/li>\n\n\n\n<li>Microsoft 365 global administrator user account.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading has-vivid-cyan-blue-color has-text-color has-link-color wp-elements-7a0a66e9b0d281f3922bc4adcdc8602f\">Use Case Overview &#8211; Integration flow:<\/h2>\n\n\n\n<p>Please refer to the video below for an understanding of Okta &amp; the use case around integrating Office365 with Okta.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"ENH iSecure Okta Workforce Identity Cloud-  M365 Integration\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/j1WN22Jxmfg?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading has-vivid-cyan-blue-color has-text-color has-link-color
wp-elements-2a267ede6b73d7af57926d39a79207b5\">Technical Walkthrough:<\/h2>\n\n\n\n<p>Here&#8217;s the technical demonstration of the integration between Office 365 &amp; Okta.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"ENH iSecure Okta Workforce Identity Cloud - M365 Integration Demo\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/uipH-NgoTO4?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading has-vivid-cyan-blue-color has-text-color has-link-color wp-elements-55bdf9314978c2ae7be0a253cd5d1c7b\">Conclusion:<\/h2>\n\n\n\n<p>In closing, with all the steps carried out in this blog, it is fair to say that integrating Okta with Active Directory &amp; Office 365 eases the overhead on IT administrators for access management and provisioning through Single Sign-on.
With this integration in place, IT administrators can manage user assignments &amp; modify attributes from Okta, and the changes will replicate to AD &amp; the Office 365 tenant.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-vivid-cyan-blue-color has-text-color has-link-color wp-elements-7757e622b80ccc1928da9337e350e6b4\">Reference Links:<\/h2>\n\n\n\n<p><a href=\"https:\/\/help.okta.com\/en-us\/content\/topics\/apps\/office365-deployment\/configure-sso.htm\">Okta Docs | Configure Single Sign-On for Office 365<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/help.okta.com\/en-us\/content\/topics\/directory\/ad-agent-main.htm\">Okta Docs | Active Directory integration<\/a><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview: Most organizations rely on Microsoft Active Directory Services or LDAP as a centralized store for identities &amp; access permissions. The majority of on-prem applications rely on these services to authenticate and authorize actions.
But with the cloud-based application, where the applications would have their own identity profiles to manage the application [&hellip;]<\/p>\n","protected":false},"author":36,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[91],"tags":[40,85,218,92],"class_list":["post-1513","post","type-post","status-publish","format-standard","hentry","category-okta","tag-active-directory","tag-integrations","tag-office365","tag-okta"],"_links":{"self":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts\/1513","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/users\/36"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/comments?post=1513"}],"version-history":[{"count":25,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts\/1513\/revisions"}],"predecessor-version":[{"id":1569,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts\/1513\/revisions\/1569"}],"wp:attachment":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/media?parent=1513"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/categories?post=1513"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/tags?post=1513"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}