Office365 Provisioning Strategy - Managing Custom Attributes Skip to main content
https://support.okta.com/help/oktaarticledetailpage?childcateg=&id=ka0f0000000mbrlkas&source=documentation&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fdocumentation%2fknowledge_article%2foffice365-provisioning-strategy-managing-custom-attributes
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Average Rating:
Office365 Provisioning Strategy - Managing Custom Attributes
Published: Mar 7, 2016   -   Updated: Aug 17, 2017
Using either the 'Extended' or 'Directory Sync' Provisioning strategies from Okta Provisioning to O365 locks out manual edits to the O365 user profile. This creates a barrier to certain edge case attribute management strategies. 

Example scenario:
  1. Customer has OnPrem AD, but no Exchange, therefore vanilla (unmodified) AD schema. 
  2. Customer deploys O365, but not ActiveDirectorySync/AzureADConnect or ADFS, O365 is initially orphaned from AD, users are created manually. 
  3. Customer has some accounts which need to be unavailable in the GAL (Global Address List), so they manually edit O365 users (or use Powershell) to enable the msExchHide...attribute. 
  4. Customer elects to deploy Okta, set up WS-Fed, enable Extended Provisioning. 
  5. Now they can't edit msExchHide...attribute directly in O365 or via powershell (users synced to AD). Nor can they update msExchHide...attribute in AD as it doesn't exist on the schema. 

Question: Can we correct this by directly building a custom attribute in UD and mapping it to O365? 

Answer: Yes. Custom attributes in Okta can be synced to O365 even when the AD schema has not been extended. 

This applies to Okta customers provisioning to Office 365 with either the Extended or Directory Sync level of Okta Provisioning enabled. It does not apply to the use of ADSync or AADConnect. Also, it does not apply to ​Okta customers provisioning to Office 365 with the Basic level of Okta Provisioning enabled

Post a Comment