Okta Enhancements with Microsoft Office 365 Integration
Published: Sep 14, 2017   -   Updated: May 15, 2018

This article describes enhancements to our Office 365 integration.

User Provisioning

We provide four types of user provisioning for Office 365: Licenses/Roles Management Only, Profile Sync, User Sync, and Universal Sync. Each is described below.

Prerequisites

  • Universal Sync: Only supported for cloud-based environments. Hybrid environments, where some users are cloud-based and others may be on-premises, are not supported.

Licenses/Roles Management Only

The only attributes available with this type of provisioning are licenses and roles. If you select this provisioning type, the only Provisioning Features that are available are Update User Attributes and Deactivate Users.

This feature is Generally Available (GA) for all users.


Profile Sync

Profile Sync, our default provisioning type, sends this subset of user attributes to Office 365: username, first name, last name, and display name.

This feature is Generally Available (GA) for all users.

User Sync

With the introduction of extended provisioning with User Sync, admins can now choose to provision an enhanced user profile that contains many more attributes, an increase that allows for a much fuller experience of Office 365. These enhancements will help you transition from on-premises Office to cloud-based Office 365.

This feature is GA for all users.

Supported Attributes:

  • Username
  • First name
  • Last name
  • Primary email
  • Display name
  • Middle name
  • Street address
  • City
  • State
  • Zip Code
  • UsageLocation
  • Country code
  • Country
  • Department
  • Office
  • Telephone
  • Mobile phone
  • Fax number
  • Title
  • Manager
  • Preferred Language

Universal Sync

Admins can now provision an even more extended user profile as well as distribution groups and contacts. Note: Currently the only resource we sync is Conference Room.

This is an Early Access feature; contact Okta Support to enable it.

Supported Attributes:

Alias

Assistant

AuthOrig

City

Country

CommonName

Company

CountryCode

CountryLetterCode

Description

Department

DisplayName

DLMemRejectPerms

DLMemSubmitPerms

Email

ExtensionAttribute1

ExtensionAttribute2

ExtensionAttribute3

ExtensionAttribute4

ExtensionAttribute5

ExtensionAttribute6

ExtensionAttribute7

ExtensionAttribute8

ExtensionAttribute9

ExtensionAttribute10

ExtensionAttribute12

ExtensionAttribute13

ExtensionAttribute14

ExtensionAttribute15

FaxNumber

FirstName

HomePhone

Info

Initials

InternetEncoding

IPPhone

LastName

LastPasswordChangeTimestamp

LegacyExchangeDN

Manager

MiddleName

Mobile

MSDSHABSeniorityIndex

MSDSPhoneticDisplayName

MSExchArchiveGuid

MSExchArchiveName

MSExchAssistantName

MSExchAuditAdmin

MSExchAuditDelegate

MSExchAuditDelegateAdmin

MSExchAuditOwner

MSExchBlockedSendersHash

MSExchBypassAudit

MSExchDelegateListLink

MSExchElcExpirySuspensionEnd

MSExchElcExpirySuspensionStart

MSExchElcMailboxFlags

MSExchEnableModeration

MSExchExtensionCustomAttribute1

MSExchExtensionCustomAttribute2

MSExchExtensionCustomAttribute3

MSExchExtensionCustomAttribute4

MSExchExtensionCustomAttribute5

MSExchHideFromAddressLists

MSExchImmutableId

MSExchLitigationHoldDate

MSExchLitigationHoldOwner

MSExchMailboxGuid

MSExchMailboxAuditEnable

MSExchMailboxAuditLogAgeLimit

MSExchModeratedByLink

MSExchModerationFlags

MSExchRecipientDisplayType

MSExchRecipientTypeDetails

MSExchRemoteRecipientType

MSExchRequireAuthToSendTo

MSExchResourceCapacity

MSExchResourceDisplay

MSExchResourceMetadata

MSExchResourceSearchProperties

MSExchRetentionComment

MSExchRetentionUrl

MSExchSafeRecipientsHash

MSExchSafeSendersHash

MSExchSenderHintTranslations

MSExchTeamMailboxExpiration

MSExchTeamMailboxOwners

MSExchTeamMailboxSharePointLinkedBy

MSExchTeamMailboxSharePointUrl

UsageLocation

MSExchUserHoldPolicies

MSRtcSipApplicationOptions

MSRtcSipDeploymentLocator

MSRtcSipLine

MSRtcSipOwnerUrn

MSRtcSipPrimaryUserAddress

MSRtcSipUserEnabled

MSRtcSipOptionFlags

Office

OnPremiseSecurityIdentifier

OtherFacsimileTelephoneNumber

OtherHomePhone

OtherIPPhone

OtherMobile

OtherPager

OtherTelephone

Pager

PreferredLanguage

PostOfficeBox

ProxyAddresses

PublicDelegates

State

Street Address

TargetAddress

TelephoneAssistant

Telephone

Title

UnauthOrig

UserCertificate

UserSMIMECertificate

WwwHomepage

Zipcode

URL

Enabling Enhanced Provisioning

To enable enhanced provisioning, either User Sync or Universal Sync, do the following:

  1. Select Applications > Microsoft Office 365 > Provisioning.
  2. Under Provisioning Style, select User Sync or Universal Sync. This sends Okta's extended user profile to Office 365.
  3. Select the Save button.

By default, Okta maps attributes from the Okta user profile to the Microsoft Office 365 user, but you should check the mappings and make any changes you need.

To do so:

  1. Scroll to the bottom of the page and under Attribute Mappings, click the Edit Mappings button.
  2. The Microsoft Office 365 User Profile Mappings will open.
  3. Select the Okta to Microsoft Office 365 tab.
  4. View the attribute mappings and make edits if necessary.

  5. Once you are satisfied with the mappings, click the Save mappings button.

Centralized Microsoft Office 365 Licenses Control

Previously, Office 365 licensing allowed you to select a general license to assign during user provisioning, but you could not control which specific services were made available to the user. Admins now have the ability to specify which Office 365 services are enabled during user provisioning. For example, you could assign Microsoft E3 licenses with only Exchange and Lync enabled for your Sales team, while your Support team gets an E3 license with only SharePoint Online enabled.

This feature is GA for all users.

To specify which services are made available to your selected user or group, do the following:

  1. When assigning a user or a group to Microsoft Office 365, you are now presented with Licenses options.

    Notes:

      • If you have selected a Provisioning Type of Licenses/Roles Management Only (see User Provisioning, above), these licenses and roles are the only attributes available.
      • O365 licenses that do not have a status set are not displayed.

  2. Select the services you want the selected user or group to be licensed to use.
  3. Continue provisioning as before.

Mapping Custom ProxyAttributes

Admins can also map custom attributes not included in the default profile. For example, admins can now add a mapping for the ProxyAddresses attribute, part of the Early Access offering (above), even if they have not enabled the Early Access feature.

Using the ProxyAddresses attribute as an example, the following are instructions for mapping custom attributes:

To utilize this attribute, you need to do the following:

  1. Add the ProxyAddresses Attribute to your Okta Active Directory Profile
  2. Add the ProxyAddresses Attribute to your Office 365 App Profile
  3. Map from Okta to Office 365 App

Add the ProxyAddresses Attribute to your Okta Active Directory Profile

  1. Select Directory > Profile Editor from the Admin Dashboard.
  2. Select the Profiles sub-tab, then expand the DIRECTORIES menu on the left and select your AD profile.
  3. Click the Add Attribute button.

    The Pick Schema Attributes screen opens.

  4. Search for, then select the ProxyAddresses attribute, then click Save.

Add the ProxyAddresses Attribute to your Office 365 App Profile

  1. Select the Profiles sub-tab, then expand the APPS menu on the left and select your Office 365 User profile.
  2. Click Add Attribute.

    The Pick Schema Attributes screen opens.

  3. Search for, then select the ProxyAddresses attribute, then click Save.

Map from Okta to Office 365

  1. With your Microsoft 365 User profile still selected, click Map Attributes.

    The Microsoft Office 365 User Profile Mappings screen opens.

  2. Select the Okta to Microsoft Office 365 tab.
  3. Scroll down and enter the following expression for the ProxyAddresses attribute:

    hasDirectoryUser()?findDirectoryUser().proxyAddresses:null

  4. Click the Save Mappings button.
  5. Select Apply updates now so that the new mappings apply to all users with this profile.

For general information about custom attributes, see Using Custom Attributes with Active Directory.
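
A pre-flight check one could run on directory data before applying the ProxyAddresses mapping above (an added example, not Okta's code). It assumes the Exchange convention that each entry is written type:address, with an upper-case SMTP: prefix marking the single primary address; the VERIFIED_DOMAINS set, the check_proxy_addresses function and the sample users are hypothetical and constructed for illustration.

```python
from collections import defaultdict

# Assumption: the domains verified in your Office 365 tenant (hypothetical values).
VERIFIED_DOMAINS = {"example.com", "corp.example.com"}

# Constructed sample input, e.g. taken from a directory export.
SAMPLE = {
    "alice": ["SMTP:alice@example.com", "smtp:a.smith@example.com"],
    "bob": ["SMTP:bob@example.com", "smtp:alice@example.com"],
    "carol": ["SMTP:carol@example.com", "SMTP:carol@corp.example.com"],
    "dave": ["SMTP:dave@partner.test", "sip:dave@example.com"],
}


def check_proxy_addresses(users, verified_domains=VERIFIED_DOMAINS):
    """Return sorted (username, address, problem) findings for proxyAddresses."""
    findings = []
    owners = defaultdict(set)  # lower-cased SMTP address -> usernames claiming it
    for user, addresses in users.items():
        primaries = 0
        for entry in addresses:
            prefix, sep, addr = entry.partition(":")
            if not sep or not addr:
                findings.append((user, entry, "missing 'type:' prefix"))
                continue
            if prefix.lower() != "smtp":
                continue  # other address types (SIP, X500, ...) are not checked here
            if prefix == "SMTP":  # upper case marks the primary address
                primaries += 1
            local, at, domain = addr.rpartition("@")
            if not at or not local or not domain:
                findings.append((user, entry, "malformed SMTP address"))
                continue
            if domain.lower() not in verified_domains:
                findings.append((user, entry, "domain not verified in tenant"))
            owners[addr.lower()].add(user)
        if addresses and primaries != 1:
            findings.append((user, "", f"{primaries} primary (SMTP:) addresses, expected 1"))
    for addr, claimed_by in owners.items():
        if len(claimed_by) > 1:  # the same mail address mapped to several accounts
            findings.extend((u, addr, "address also claimed by another user") for u in claimed_by)
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_proxy_addresses(SAMPLE):
        print(finding)
```

Reviewing the findings before selecting Apply updates now keeps duplicate or unexpected mail addresses from being pushed to every user with the profile.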
