Apr 27 2022 09:52 AM
Apr 27 2022 09:52 AM
I am stuck with finding a away that will resolve my current problem or provide a solution that would be seamless for administrative purposes.
We use Azure AD
Partner uses OKTA and don't have Azure AD.
Partner needs access to our registered App but they want to use OKTA to access the app using a security group managed by partner to assist with changes of users on their side to automatically update user on our side so that terminated users on partner side does not have access to the app in our Azure tenant.
I was thinking of using B2B and registering their OKTA as an App and then invite their users / group users to join our Azure AD. That way users on Partner uses OKTA to authenticate and access the registered app on our tenant.
Problem with above is that we will create admin overhead for us managing the users/ guest users that gets terminated on partner side and if they don't inform us of this update.
Is anyone aware of a way that I can setup AZURE AD that can integrate with OKTA and get or pull users from partners OKTA to update the users on our side every 12 to 24 hours. It will not be all users on Partners OKTA only users that is part of a specific group in OKTA.
Any help would be greatly appreciated.
Apr 27 2022 11:33 PM
Apr 28 2022 08:55 AM
Jun 07 2022 05:44 AM
Hi @Skully1410 I am also looking to integrate one of my partner who is using Okta but not Azure, with my Azure ad and provide access to my enterprises application.
since I'm new to Azure and okta I have no idea to achieve this, so please guide/provide steps to intergrade if you got integrated successfully.
Jun 08 2022 11:17 AM - edited Jun 08 2022 11:20 AM
@Skully, your proposed solution of using B2B is the best way to go. To reduce the admin overhead, you can automate using Access packages to certain application. For the terminated users, I would suggest using Access review feature, where if the user is inactive, let's say 30 days, you take away the rights. This will ensure whoever is using keeps the access. Try using direct connect feature if that is applicable in your situation.B2B direct connect overview - Azure AD - Microsoft Entra | Microsoft Docs
For the question on Okta auth flow being used by partner for your tenant's resources/ App when you are using Azure AD for authentication, that's not possible since they are sign-in into your tenant, and can only be authenticated to Azure.