Mar 31 2020 - last edited on Jul 24 2020
Implemented Hybrid Azure AD Joined with Okta Federation and MFA initiated from Okta.
Trying to implement Device Based Conditional Access Policy to access Office 365, however, getting Correlation ID from Azure AD. Does anyone know if it's a known thing?
SSO State AD PRT = NO
Aug 25 2020 02:02 AM
@Kav77 Providing you details about this:
Please follow controlled HYAADJ rollout using Group Policy Object.
The only change you need to perform related to GPO object is the Tenant.
Use Tenant domain : domain.onmicrosoft.com and not the custom domain name verified to the tenant.
Also, the reason where you see AzureAD PRT = NO, is related to device where Windows device login work on Legacy Auth, so please create a Rule in Okta to allow legacy auth to the PRT token.
Be sure that the device is able to communicate with the DC and the Internet while performing the device registration process.
Aug 25 2020 02:12 AM
Sep 07 2020 06:11 AM - edited Sep 07 2020 06:13 AM
@RIGAN25 I wasn't sure what you meant by this initially: "Also, the reason where you see AzureAD PRT = NO, is related to device where Windows device login work on Legacy Auth, so please create a Rule in Okta to allow legacy auth to the PRT token."
Did some digging and found these two resources:
Though I didn't have the option to add a custom agent string, I did add another sign on policy in Okta to allow legacy auth and now my PRT token is generated and device conditional access policies work :)
Hopefully this helps someone else that may come across this.
Oct 15 2020 11:55 AM
@Kav77 Custom User Agent is Early Access, which Okta admins should be able to enable themselves from the Admin UI "Settings>Features". If not available, Okta support can turn it on for you.
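
To check the state this thread revolves around, the following added example (not part of any post above) parses captured `dsregcmd /status` text and reports whether the device is hybrid joined and whether a PRT was issued. The sample output is constructed, and the function names `parse_dsregcmd` and `assess` are hypothetical.

```python
import re

# Constructed sample of `dsregcmd /status` output (values are placeholders).
SAMPLE = """\
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
              DomainJoined : YES
                TenantName : Example Tenant

+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+

                AzureAdPrt : NO
"""

def parse_dsregcmd(text):
    """Return {section: {key: value}} from dsregcmd /status text."""
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^\|\s*(.+?)\s*\|$", line)  # "| SSO State   |"
        if header:
            current = sections.setdefault(header.group(1), {})
            continue
        field = re.match(r"^\s*(\w+)\s*:\s*(.*?)\s*$", line)  # "Key : Value"
        if field and current is not None:
            current[field.group(1)] = field.group(2)
    return sections

def assess(text):
    """Summarise join state and PRT presence for conditional access triage."""
    s = parse_dsregcmd(text)
    dev, sso = s.get("Device State", {}), s.get("SSO State", {})
    hybrid = dev.get("AzureAdJoined") == "YES" and dev.get("DomainJoined") == "YES"
    prt = sso.get("AzureAdPrt") == "YES"
    if not hybrid:
        finding = "device is not hybrid Azure AD joined; fix registration first"
    elif not prt:
        finding = "joined but no PRT; check the Okta sign-on policy for Windows legacy auth"
    else:
        finding = "joined with PRT; device-based conditional access can evaluate the device"
    return {"hybrid_joined": hybrid, "prt": prt, "finding": finding}

if __name__ == "__main__":
    print(assess(SAMPLE))
```

Run it against output saved from an affected device after changing the Okta sign-on policy; the PRT is requested at Windows sign-in, so capture the output after the user signs in again.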