Configure WS-Federation Flashcards
What are the 2 sign-on methods for MS 365?
Secure Web Authentication (SWA) and WS-Federation (WS-Fed). WS-Fed is the more secure and preferred method.
What does SWA rely on?
SWA relies on a username and a password for security credentials that can be selected by the end user or assigned by the administrator.
What does WS-Federation rely on?
WS-Federation is a specification that defines mechanisms to transfer identity information using encrypted SOAP messages. It adds an additional level of security. WS-Federation does not require a separate password for Office 365; consequently, Okta does not need to sync user passwords when WS-Federation is used.
How do you set up WS-Federation?
- If Microsoft Office 365 is already set up, select Applications from the Administrator Dashboard, locate and select the Microsoft Office 365 app, and then select the Sign On tab. If you are setting up Microsoft Office 365 for the first time, access the Sign On tab by clicking Next from the General Settings tab.
- For SIGN ON METHODS, check the WS-Federation radio button.
- Click View Setup Instructions, shown below. They provide recommendations to prepare your domain for federated authentication.
- Specify whether you want to:
  - Configure WS-Federation myself using PowerShell.
  - Let Okta configure WS-Federation automatically for me.
- If you choose to have Okta configure WS-Federation automatically, enter your Microsoft 365 API Admin Username and Password. The Default Relay State is optional. (The default relay state is the page your users will land on after they successfully log in.)
- Click Save.
How do you Create a SAML Integration using AIW - Task 1
Note: Ensure that you add Okta to your browser’s allow list for 3rd-party cookies to prevent errors in your integrations. See Allow Third-Party Cookies for detailed instructions.
Task 1: Launch the Wizard
- Verify that you are using the Admin Console. If you are using the Developer Console, you need to switch over to the Admin Console. If you see < > Developer Console in the top left corner of your console, click it, then click Classic UI to switch.
- In the Admin Console, go to Applications > Applications.
- Click Add Application.
- Click Create New App.
- To create a SAML integration, select Web as the Platform and SAML 2.0 for the Sign on method.
- Click Create.