Office 365 Silent Activation
Okta Office 365 Silent Activation allows for a seamless experience for accessing Microsoft Office. Using Okta as an identity provider, this option enables silent activation for shared workstation or VDI environments. Once your end users have logged into a domain-joined Windows machine, no further activation steps are required.
For more information on how to set up a shared workstation for Microsoft Office 365, refer to Overview of shared computer activation for Office 365 ProPlus on the Microsoft site.
This is an Early Access feature. To enable it, please contact Okta Support.
Note the following configurations and restrictions that might prohibit enablement of silent activation for Office 365.
Okta uses Kerberos authentication to enable Office 365 silent activation. Setup for this exchange requires the creation of a new service account, and a unique service principal name (SPN) for the account.
Create a service account and configure an SPN
Note: Admin permissions are not required for the service account, but specific permissions are needed to set the SPN, as documented in Delegating Authority to Modify SPNs on the Microsoft site.
User logon name: HTTP/yourorg.oktapreview.com
User logon name (pre-Windows 2000): Your Username (can be any username)
Setspn -S HTTP/yourorg.oktapreview.com username
Setspn -S HOST/yourorg.oktapreview.com username
Where HTTP/yourorg.oktapreview.com and HOST/yourorg.oktapreview.com are the user logon name specified above, and username is the pre-Windows 2000 username specified above.
Setspn -S HTTP/atkodemo.oktapreview.com OktaCloudDsso
Setspn -S HOST/atkodemo.oktapreview.com OktaCloudDsso
Setspn -l username
C:\Windows\system32>setspn -L OktaCloudDsso
Registered ServicePrincipalNames for CN=OktaCloudDsso,CN=Managed
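An added check, not part of the Okta documentation: setspn -L shows what is registered on one account, but Kerberos also fails if the same SPN is registered on another object. This PowerShell function confirms that the HTTP/ and HOST/ SPNs each resolve to exactly one AD object, the intended service account, and flags an account marked as privileged. The function name Test-OktaSpn is hypothetical; it assumes the ActiveDirectory module (RSAT) is installed and uses the example values from the commands above.

```powershell
# Added example: verify SPN ownership for the Okta silent-activation service account.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Test-OktaSpn {
    param(
        [Parameter(Mandatory)] [string] $OrgHost,   # e.g. atkodemo.oktapreview.com
        [Parameter(Mandatory)] [string] $Account    # pre-Windows 2000 name, e.g. OktaCloudDsso
    )
    foreach ($class in 'HTTP', 'HOST') {
        $spn = "$class/$OrgHost"
        # Search all object types: the same SPN on a computer or a second user is a duplicate.
        $owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)" `
                        -Properties sAMAccountName, adminCount)

        if ($owners.Count -eq 0) {
            $status = 'Missing'
        } elseif ($owners.Count -gt 1) {
            $status = 'Duplicate'
        } elseif ($owners[0].sAMAccountName -ne $Account) {
            $status = 'WrongAccount'
        } else {
            $status = 'OK'
        }

        # adminCount = 1 marks an account that is, or once was, in a protected admin group.
        # The service account does not need admin permissions, so this should be False.
        $privileged = [bool]($owners | Where-Object { $_.adminCount -eq 1 })

        [pscustomobject]@{
            SPN        = $spn
            Status     = $status
            Owners     = ($owners.sAMAccountName -join ', ')
            Privileged = $privileged
        }
    }
}

Test-OktaSpn -OrgHost 'atkodemo.oktapreview.com' -Account 'OktaCloudDsso' |
    Format-Table -AutoSize
```

Both rows should report Status OK and Privileged False before Desktop SSO is enabled in Okta.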
Enable Silent Activation
The next step is to enable On-Prem Desktop SSO within Okta.
Desktop SSO: Enabled
Service principal name(spn): HTTP/yourorg.oktapreview.com
Service account password: Your AD password.
Now you can test your Office 365 silent activation on an Active Directory joined machine (VDI or shared workstation).
Validate O365 Silent Activation
Complete the following steps on a machine that has the Office 2016 client installed.
Enable Browser Settings
For correct browser configurations, see the section titled Configure Desktop SSO with IWA under Install and configure the Okta IWA Web App for Desktop SSO.
Run the O365 Client