Office 365 as user directory?

koala

Ars Tribunus Angusticlavius
7,579
What is the term to Google for this? Let's assume I have an org working with Office 365 (mostly for email, Teams, etc.). Can you plug other stuff to authenticate with the users you have defined in O365?

(I know that traditional Windows Server with AD can do SAML, but I'm not sure about O365 products and capabilities.)

Or is everyone using Okta and stuff because it's a bad idea?
 

koala

Ars Tribunus Angusticlavius
7,579
Well, Microsoft Entra ID now, apparently :p So that uses the users already in the O365 account.

It seems that even the free edition is quite featureful. Need to research what "Secure hybrid access partnerships (Kerberos, NTLM, LDAP, RDP, and SSH authentication)" means exactly (sounds like "it integrates with Okta, so you get that and it does those").
 

Nulls

Ars Tribunus Militum
2,451
I deal a lot in this area and this is under the enterprise applications in Entra ID, typically for single sign-on.

If you have an app that supports SAML, OAuth and OIDC then you should be able to configure SSO with it.

With Entra it is getting mature enough that you can move endpoints to be Entra joined only, to be managed completely in the cloud with Intune, and not require an on-premise AD.

But there is still on-premise support with hybrid joined devices, and a Kerberos trust setup in AD makes setting up things like Windows Hello for Business simpler than in the past.

I think Okta was an early leader in this space and for a while Azure AD/Entra may not have had feature parity, but I think they do these days. The fact that an organization is already paying for Entra through an enterprise license, plus Okta's security problems and their response to them, which in my opinion has been to be way more aggressive with sales, make me personally uncomfortable with Okta.
 

Wind

Wise, Aged Ars Veteran
143
Subscriptor++
Okta and Entra do have approximate feature parity, but Microsoft's security is so abysmal I would never willingly choose them. The CSRB report was particularly damning of Microsoft's security culture. Okta's breaches have been fairly minor in comparison, but at least Okta has taken responsibility for those breaches and has stepped up their game. Okta can definitely be persistent with their sales pitches though, but I'm not a fan of Azure's pricing model so wouldn't really entertain it anyways.

I also find Azure's identity model to be overly complex and inconsistent, which makes it easy to misconfigure. It was clearly built ad-hoc and they tried to stitch it together after the fact.

That being said, if you already own the Azure licenses, it's not worth it to use Okta unless they solve a specific use case that Azure can't.
 

gusgizmo

Ars Praefectus
3,032
Subscriptor
Go to your Azure portal that you may or may not have known that you had. Sign in with your 365 global admin credentials. Head to Entra ID, then to enterprise applications.


Create a new enterprise application.

Search for the app you want to do authentication with; if it's not in there, create your own.

Profit?

Hope that's enough to get you started in the right direction at least.
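
Added example, not part of any post in this thread: what the application side of the OIDC option mentioned above can look like once an app is registered in Entra ID. It builds the authorization-code request with PKCE, state and nonce, then checks the ID token claims that tie a sign-in to your own tenant and application. The tenant ID, client ID and redirect URI are placeholders, the function names are hypothetical, and signature verification is assumed to be done by a JWT library before the claim checks run.

```python
import base64, hashlib, secrets, time
from urllib.parse import urlencode

# Placeholders (assumptions): take the real values from the app registration.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
REDIRECT_URI = "https://app.example.com/auth/callback"
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}"

def build_auth_request():
    """Return (url, session) for an authorization-code + PKCE sign-in."""
    verifier = secrets.token_urlsafe(64)
    challenge = base64.urlsafe_b64encode(
        hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()
    session = {"state": secrets.token_urlsafe(16),
               "nonce": secrets.token_urlsafe(16),
               "code_verifier": verifier}  # keep server-side, one per login
    query = urlencode({
        "client_id": CLIENT_ID, "response_type": "code",
        "redirect_uri": REDIRECT_URI, "scope": "openid profile email",
        "state": session["state"], "nonce": session["nonce"],
        "code_challenge": challenge, "code_challenge_method": "S256"})
    return f"{AUTHORITY}/oauth2/v2.0/authorize?{query}", session

def check_id_token_claims(claims, session, now=None):
    """Claim checks to run AFTER a JWT library has verified the signature
    against the tenant's published keys. Returns a list of failures."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != f"{AUTHORITY}/v2.0":
        problems.append("iss is not this tenant")
    if claims.get("tid") != TENANT_ID:
        problems.append("tid is another tenant")
    if claims.get("aud") != CLIENT_ID:
        problems.append("aud is another application")
    if claims.get("nonce") != session["nonce"]:
        problems.append("nonce mismatch")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems

if __name__ == "__main__":
    url, session = build_auth_request()
    # Constructed sample claims: a token issued by a different tenant.
    other = "22222222-2222-2222-2222-222222222222"
    claims = {"iss": f"https://login.microsoftonline.com/{other}/v2.0",
              "tid": other, "aud": CLIENT_ID, "nonce": session["nonce"],
              "exp": time.time() + 3600}
    print(url)
    print(check_id_token_claims(claims, session))
```

The tenant and audience checks are the ones that matter most here: a correctly signed token from some other Entra tenant, or for some other application, must not be accepted as a login for yours.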