
Azure/Intune newbie here.

We are planning to implement Intune in our org, and I have a question about user log-in to Windows devices when Azure AD is Okta-federated. From the log-in/lock screen, do users use their Okta credentials to log in to their devices directly, without being taken to the company Okta portal?

We are an Okta shop and wanted to use a single set of credentials for device logins and Okta SSO.

This is not yet implemented, so I am unsure how the device log-in works.

iamkk

1 Answer


If your organization is planning to use Intune for managing Windows devices and you have federated your Azure Active Directory tenant with Okta, it is possible to allow users to sign in to their Windows devices using their Okta credentials.

When users sign in to their Windows device, they will be presented with the Windows sign-in screen, which will prompt them to enter their credentials. If your organization has configured Windows Hello for Business or multi-factor authentication, users will be prompted to provide additional verification.

If you have set up federation between Azure AD and Okta using the Security Assertion Markup Language (SAML) protocol, the Okta sign-in page will not be shown to the user during the Windows sign-in process. Instead, the user's credentials will be validated by Okta behind the scenes, and the user will be signed in to their device directly. This will, of course, take more effort to implement with SAML (as I have experienced).

To enable this sign-in experience, you need to configure the Windows 10 device to use Azure AD for authentication. You can do this by joining the Windows device to Azure AD during the device setup process or by using the Azure AD join feature to join the device to Azure AD.

Once the device is joined to Azure AD, you can then deploy Intune policies to the device to manage its settings and applications. Additionally, you can use Azure AD Conditional Access policies to control access to company resources based on factors such as the user's location, device compliance status, and authentication context.

Keep in mind that to use this sign-in experience, your users will need to have their Okta credentials synchronized to Azure AD using Azure AD Connect or another supported method. Additionally, you may need to configure the Azure AD and Okta federation settings to ensure that the authentication flow works correctly.

Ole Pannier
  • Thanks for the response. We do not have an on-prem AD to use Azure AD Connect to sync the Okta creds to Azure AD. We are trying to implement Azure AD and Intune, and we currently use Okta in our org. I heard from the Okta rep that this is not possible with Okta-federated Azure AD since Okta does not yet support Desktop MFA and true desktop logins. – iamkk Feb 21 '23 at 14:55
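The answer above describes the Azure AD join plus federation setup in prose; the following is an added PowerShell example (not code from the question, the answer, or the commenter) that shows what an admin would actually check on both sides before promising a "sign in with Okta credentials at the lock screen" experience. Tenant side, it reads the domain's federation configuration through the Microsoft Graph PowerShell SDK and reports whether the federating IdP exposes an active (WS-Trust) sign-in endpoint, which is what the Windows sign-in screen uses for username/password authentication, as opposed to the passive browser-redirect endpoint. Device side, it parses `dsregcmd /status` for the join state and whether the user obtained a Primary Refresh Token (the sign that the federated logon completed). Assumptions: the Microsoft.Graph SDK (v2 or later, for `-NoWelcome`) is installed, you hold `Domain.Read.All`, and `contoso.com` is a placeholder for your verified domain.

```powershell
# Added example; not from the original post. Assumes Microsoft.Graph PowerShell SDK v2+.
# 'contoso.com' is a placeholder; replace with the verified domain that is federated to Okta.
param(
    [string]$DomainId = 'contoso.com'
)

function Get-FederationSummary {
    # Tenant-side check: is the domain federated, and what endpoints does the IdP advertise?
    param([Parameter(Mandatory)][string]$DomainId)

    Connect-MgGraph -Scopes 'Domain.Read.All' -NoWelcome | Out-Null

    $domain = Get-MgDomain -DomainId $DomainId
    if ($domain.AuthenticationType -ne 'Federated') {
        # Managed domain: Azure AD validates the password itself, no IdP is involved at logon.
        return [pscustomobject]@{
            Domain             = $DomainId
            AuthenticationType = $domain.AuthenticationType
            Note               = 'Managed domain; Windows sign-in is validated by Azure AD directly.'
        }
    }

    $fed = Get-MgDomainFederationConfiguration -DomainId $DomainId
    [pscustomobject]@{
        Domain                  = $DomainId
        AuthenticationType      = $domain.AuthenticationType
        IssuerUri               = $fed.IssuerUri
        PassiveSignInUri        = $fed.PassiveSignInUri   # browser redirect (WS-Fed/SAML), used by web sign-in
        ActiveSignInUri         = $fed.ActiveSignInUri    # WS-Trust endpoint, used by the Windows logon screen
        Protocol                = $fed.PreferredAuthenticationProtocol
        FederatedIdpMfaBehavior = $fed.FederatedIdpMfaBehavior
        HasActiveEndpoint       = -not [string]::IsNullOrEmpty($fed.ActiveSignInUri)
    }
}

function Get-DeviceJoinState {
    # Device-side check: parse the "Key : Value" lines of dsregcmd /status.
    $state = @{}
    foreach ($line in (& dsregcmd.exe /status)) {
        if ($line -match '^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$') {
            $state[$matches[1]] = $matches[2]
        }
    }
    [pscustomobject]@{
        AzureAdJoined = $state['AzureAdJoined']   # YES on an Azure AD joined device
        DomainJoined  = $state['DomainJoined']    # NO when there is no on-prem AD, as in the comment above
        TenantName    = $state['TenantName']
        AzureAdPrt    = $state['AzureAdPrt']      # YES means the signed-in user got a PRT, i.e. logon via the IdP worked
    }
}

Get-FederationSummary -DomainId $DomainId | Format-List
Get-DeviceJoinState | Format-List
```

Run the tenant part from any admin workstation and the device part on a test machine after a user has signed in once. If `HasActiveEndpoint` is false, or `AzureAdPrt` stays `NO` after a federated user signs in, the lock-screen flow is not completing against the IdP, and that is the point to raise with the IdP vendor rather than with Intune, which only takes over once the join and the PRT are in place.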