AAD Join + Onpremise SSO Using Okta


Problem description

I have been trying hard to implement the scenario described in the article https://jankesblog.com/2016/01/single-sign-on-to-on-premises-resources-from-azure-ad-joined-when-onprem/

I have 2 labs

Lab1: AD 2016, AAD Connect for synchronization & Okta for Authentication

Lab2: AD 2016, Okta for synchronization & Okta for Authentication

When I test the mentioned scenario in Lab1, it works perfectly well as AAD Connect synchronizes the attributes DomainDNSName, NetBIOS name & OnPremisesSamAccountName.

When I test the same in Lab2, on-premise SSO doesn't work as Okta could not update the attributes DomainDNSName, NetBIOS name & OnPremisesSamAccountName. When I looked at these attributes through Graph Explorer, they are empty for the users synced through Okta.

Is there a way to get on-premise SSO for Lab2?

I have contacted Okta but they are unable to help, as Microsoft documentation says these attributes are available for AAD Connect and for the rest of the systems they are read-only.


Recommended answer

You can enable SSO by integrating Okta with ADFS or using Okta's LDAP Single Sign-On solution. Please refer to the documents below:

  • ADFS
  • Leverage ADFS in Okta
  • Single Sign-On: The Difference Between ADFS vs. LDAP
  • Okta Integration in AD

