We use Azure as an IdP to Okta for logging into the Okta admin dashboard and for supporting public users who use Okta for our org's apps. Okta is saying that by May 15 they will require MFA for any login to their admin dashboard. We need to avoid duplicative MFA for users already going through MFA on Azure. Okta says this can be accomplished with claims sharing:
Specifically, Okta is looking for an AMR claim, but I think only on the ID token. Microsoft has the AMR claim on the access token. It is not available to select as an ID token claim, and it is not listed as something that can be added via the manifest like the other claims listed here:
I attempted to add it to the manifest nonetheless, but the claim never appeared in the ID token.
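The question above turns on which token actually carries `amr`. The quickest way to confirm that is to decode both tokens returned by the Azure app and look at the claims segment directly. The script below is an added example for that check, not code from the original post or from Okta or Microsoft. It decodes compact JWTs without verifying the signature (inspection only, never for an authorization decision), reports whether `amr` is present in each token and whether it contains the `mfa` method value from RFC 8176, and uses constructed, unsigned sample tokens so it runs offline; the claim values in those samples are assumptions for illustration, not tokens captured from Entra ID.

```python
import base64
import json
from typing import Any, Optional


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_payload(token: str) -> dict[str, Any]:
    """Return the claims segment of a compact JWS as a dict.

    Inspection only: the signature is NOT verified here, so this must never
    be used to decide whether a token is trustworthy.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated segments")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def amr_of(token: str) -> Optional[list[str]]:
    """Return the amr claim as a list of method strings, or None if absent."""
    amr = decode_jwt_payload(token).get("amr")
    if amr is None:
        return None
    # RFC 8176 defines amr as a JSON array of strings; anything else is malformed.
    if not isinstance(amr, list) or not all(isinstance(m, str) for m in amr):
        raise ValueError("amr claim must be a JSON array of strings")
    return amr


def check_mfa_evidence(id_token: str, access_token: str) -> dict[str, Any]:
    """Summarise where MFA evidence lives for a downstream IdP that reads the ID token."""
    id_amr = amr_of(id_token)
    at_amr = amr_of(access_token)
    return {
        "id_token_amr": id_amr,
        "access_token_amr": at_amr,
        # Only the ID token's amr matters to a relying party that consumes ID tokens.
        "mfa_visible_in_id_token": id_amr is not None and "mfa" in id_amr,
        "mfa_only_in_access_token": id_amr is None and at_amr is not None and "mfa" in at_amr,
    }


def make_unsigned_jwt(payload: dict[str, Any]) -> str:
    """Build a constructed, unsigned test token ("alg": "none", empty signature)."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(payload, separators=(",", ":")).encode()),
        "",
    ])


# Constructed sample claims (assumptions for illustration, not real Entra tokens):
# the ID token carries no amr, the access token carries amr with "pwd" and "mfa".
SAMPLE_ID_TOKEN = make_unsigned_jwt({
    "iss": "https://login.microsoftonline.com/example-tenant/v2.0",
    "aud": "example-client-id",
    "sub": "example-subject",
    "exp": 1_700_000_000,
})
SAMPLE_ACCESS_TOKEN = make_unsigned_jwt({
    "iss": "https://login.microsoftonline.com/example-tenant/v2.0",
    "aud": "api://example-resource",
    "sub": "example-subject",
    "exp": 1_700_000_000,
    "amr": ["pwd", "mfa"],
})


if __name__ == "__main__":
    # Replace the samples with the raw tokens from your own sign-in to check your tenant.
    print(json.dumps(check_mfa_evidence(SAMPLE_ID_TOKEN, SAMPLE_ACCESS_TOKEN), indent=2))
```

Run it against the real tokens from a test sign-in (for example, copied from the app's token response during a debug session) to see whether `amr` is genuinely missing from the ID token or merely not shown in the portal's claim picker; `mfa_only_in_access_token` being true is the situation the post describes.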