Okta Now Supports Entra External Authentication Method (EAM)

Okta has finally added support for Microsoft Entra External Authentication Method (EAM), allowing Okta Verify to meet Conditional Access “Require MFA” requirements without custom controls.

You Should Know: Step-by-Step Implementation Guide

1. Create an App Registration in Microsoft Entra

  • Navigate to Azure Portal > App Registrations > New Registration.
  • Add a Redirect URI for the Web platform matching your Okta org authorization endpoint:
    https://<org-name>.okta.com/oauth2/v1/authorize/callback 
    
  • Keep the Application ID and Tenant ID for later use.

2. Enable Entra EAM in Okta Admin Console

  • Log in to Okta Admin Console > Settings > Features > Enable Entra EAM.
  • Go to Applications > Browse App Catalog > Search for “Entra” > Select Microsoft Entra ID External Authentication Methods > Add Integration.

3. Configure Okta with Entra Details

  • Copy the Directory (Tenant) ID and Application (Client) ID from Entra into Okta.
  • For GCC / Vianet, ensure the correct tenant type is selected.
  • Click Done to create the app in Okta.

4. Add Okta EAM to Microsoft Entra

  • Open Microsoft Entra Portal > Protection > Authentication Methods > Add External Method.
  • Enter:
    • Client ID (from Okta)
    • App ID (from Entra)
    • Discovery Endpoint (format):
      https://<orgname>.okta.com/oauth2/v1/authorize?client_id=<client_id>

  • Click Request Consent (requires Privileged Role Admin or Global Admin).
  • Enable the method and assign a security group for testing.

5. Update Conditional Access Policies

  • Duplicate existing Conditional Access (CA) policies using Custom Controls.
  • Modify the new policy:
    • Replace Custom Control with Require MFA.
    • Target the EAM test group.
  • Exclude the group from the old policy.

6. Verify Functionality

  • Test authentication flow to confirm Okta Verify works under Entra EAM.
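
A check for step 5, as an added example that is not part of the original post: it reads Conditional Access policies exported as JSON and reports whether the EAM test group is excluded from custom-control policies and covered by a Require MFA policy. Field names follow the Microsoft Graph conditionalAccessPolicy resource; the group ID, policy names and control ID are constructed placeholders.

```python
import json

# Constructed sample export; the group ID, names and control ID are placeholders.
# Field names follow the Microsoft Graph conditionalAccessPolicy resource.
EAM_GROUP = "11111111-aaaa-bbbb-cccc-000000000001"
SAMPLE = json.loads("""[
 {"displayName": "Legacy - Okta custom control", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"], "excludeGroups": []}},
  "grantControls": {"operator": "OR", "builtInControls": [],
                    "customAuthenticationFactors": ["placeholder-control-id"]}},
 {"displayName": "EAM - Require MFA", "state": "enabled",
  "conditions": {"users": {"includeGroups": ["11111111-aaaa-bbbb-cccc-000000000001"],
                           "excludeGroups": []}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"],
                    "customAuthenticationFactors": []}}
]""")


def audit_migration(policies, eam_group):
    """Return findings for the custom-control to Require MFA migration."""
    findings, covered = [], False
    for p in policies:
        if p.get("state") != "enabled":
            continue  # disabled and report-only policies enforce nothing
        users = (p.get("conditions") or {}).get("users") or {}
        grant = p.get("grantControls") or {}
        custom = grant.get("customAuthenticationFactors") or []
        builtin = grant.get("builtInControls") or []
        in_group = eam_group in (users.get("includeGroups") or [])
        in_all = "All" in (users.get("includeUsers") or [])
        excluded = eam_group in (users.get("excludeGroups") or [])
        name = p.get("displayName", "<unnamed>")
        if custom and (in_group or in_all) and not excluded:
            # Old policy still in scope: the group was not excluded from it.
            findings.append(f"{name}: custom control still applies to the EAM test group")
        elif in_group and not excluded:
            if "mfa" in builtin:
                covered = True
            else:
                findings.append(f"{name}: targets the EAM test group without Require MFA")
    if not covered:
        findings.append("no enabled policy requires MFA for the EAM test group")
    return findings


if __name__ == "__main__":
    for finding in audit_migration(SAMPLE, EAM_GROUP):
        print(finding)
```

On the constructed sample the audit reports the legacy policy, because the test group has not yet been excluded from it.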

What Undercode Say

This integration simplifies MFA enforcement by eliminating custom controls, improving security posture. Below are some Linux/Windows commands for related security checks:

Linux Security Checks

# Check active authentication logs
sudo tail -f /var/log/auth.log

# Verify PAM module configurations
cat /etc/pam.d/common-auth

# Test SSO connectivity (replace with your endpoint)
curl -v "https://<org-name>.okta.com/oauth2/v1/authorize"

Windows PowerShell for Entra ID

# Check that the AzureAD module is installed (Microsoft has deprecated it in favor of Microsoft Graph PowerShell)
Get-Module -Name AzureAD -ListAvailable

# Verify authentication methods
Get-AzureADPolicy -All $true | Where-Object Type -eq "AuthenticationMethodsPolicy"

# List Conditional Access policies
Get-AzureADMSConditionalAccessPolicy

Prediction

As more enterprises adopt hybrid identity solutions, Okta and Microsoft Entra integrations will become standard, reducing reliance on third-party MFA solutions.

Expected Output:

  • Successful Okta-Entra EAM integration.
  • MFA enforcement without custom controls.
  • Improved identity security posture.

Reported By: Nathanmcnulty It – Hackers Feeds