Client uses M365 + Okta for MFA | Voters

Client uses M365 + Okta for MFA

Andrew Alaniz

Does ITDR have any ability to consider the MFA from Okta as part of the overall identity space? I wonder if there's a way to bring this in to include as part of that ID threat.

October 3, 2025

Rich Mozeleski

Hi Andrew Alaniz, ITDR currently sees logins into Entra from third-party IDPs like Okta. I don't see a ton of value in adding Okta as an integration as it relates to compromised Entra credentials. I will admit that it's been over a year since we looked at Okta telemetry, so perhaps something has changed here.

In the future, we may consider third-party IDP integration as it relates to discovering Shadow IT infrastructure and SaaS app credential compromises.

Andrew Alaniz

Rich Mozeleski This makes sense. To ensure I'm being clear - would ITDR see if a third party app like Salesforce used M365 as IDP + Okta as MFA? I assume it would not see the MFA token auth, but would see the successful auth to Entra. So we'd lose any MFA funny business, but we'd still see authentication itself. So I think the question is how many clients would see benefit from the added MFA visibility with Okta versus just M365 which I totally get if the use of Okta for MFA is not prevalent in the customer base.