Byte-Sized Video: Okta Makes Modern SSO Compatible With a Hybrid Domain Joined State

Byte-Sized Video Banner

With so many people working remotely today, IT admins are often dealing with remote computers joined to their local Active Directory (AD) that also need to be connected to Azure AD to make use of newer, cloud-based features. This is what we call a hybrid domain joined state. 

Today, you can take advantage of the latest cloud features from a Windows 10 machine without having to fully migrate away from the legacy GPOs and on-prem security policies you’ve had for years in your local AD. That’s great when so many customers are accessing their Azure AD clouds from remote locations such as their home. This is the first step on the journey to a full cloud-based digital transformation.

However, it’s important to keep in mind that Microsoft’s hybrid domain join process operates alongside a legacy protocol. With Azure AD Connect, a device is synced from AD to Azure AD and the machine requests a PRT token using WS Trust so that the user can use SSO to access Office 365. As WS Trust is a legacy protocol—and Okta blocks all legacy and basic auth—the request is denied by default.

This raises an important question—does Okta interfere with realising a hybrid domain joined state? The answer is no. 

Okta is completely compatible with all hybrid domain joined scenarios, in fact, it isn’t involved in the hybrid joined domain step. Instead, it plays a role after the fact: Okta acts as a federated identity provider, managing the WS traffic for the PRT request. Our Office 365 Customer User-Agent feature offers a simple way to configure policies so that you can complete the PRT process while still making the most of modern access management with Okta. For a quick overview of what this looks like, check out our byte-sized video below:



Office 365 is one of the most popular workforce apps on the market today, and Okta is the top identity and access management solution. We’ve made sure Okta works with all Microsoft Azure AD tools, from Windows Hello for Business and Windows Autopilot, to Azure AD Conditional Access and Azure IaaS, so that you can simplify your journey to the cloud.