ⓔ
Microsoft Entra ID
External Authentication Method (EAM). Your signals become the MFA gate.
—
ⓞ
Okta
OIDC IdP / authenticator-like flow (redirect). Strong inline story.
—
Microsoft Entra ID (EAM)
Use POCLAB Trust as an MFA gate in Conditional Access (External Authentication Method).
Entra tenant ID
You can find this in Entra Admin Center → Overview → Tenant ID.
Open in Azure Portal
EAM client ID
—
Discovery URL
https://trust.poclab.com/eam/.well-known/openid-configuration
JWKS URL
https://trust.poclab.com/eam/.well-known/jwks
Entra setup checklist
Add POCLAB Trust as an External Authentication Method provider, then reference it inside a Conditional Access policy (MFA requirement).
- Open Entra Admin Center → Security → External authentication methods
- Create provider using: Discovery URL + Client ID
- Enable provider and add it to your Conditional Access policy as MFA requirement
- Test via My Apps / a target app sign-in
Okta (OIDC IdP / authenticator flow)
Okta will treat POCLAB Trust as an OIDC provider. Okta redirects users to POCLAB for verification,
then exchanges a code for an ID token at POCLAB’s token endpoint.
Okta org URL
Example: https://acme.okta.com (no trailing slash).
POCLAB client ID
—
POCLAB client secret
—
This is generated by POCLAB. Paste it into Okta. (It’s stored server-side and not shown again unless regenerated.)
Discovery URL
https://trust.poclab.com/okta/.well-known/openid-configuration
Authorize URL
https://trust.poclab.com/okta/verify
Token URL
https://trust.poclab.com/okta/token
JWKS URL
https://trust.poclab.com/okta/keys
Okta setup checklist
Add POCLAB Trust as an OIDC Identity Provider / authenticator-like step. Exact wiring varies by Okta edition & policies.
- Create or select a policy / authenticator chain where you want “POCLAB Trust” verification
- Add POCLAB Trust as an OIDC provider using the Discovery URL (recommended)
- Paste POCLAB Client ID + Client Secret into Okta
- Test sign-in and confirm users are redirected to POCLAB for verification