I am new to Okta so apologies for the question, We have users that are using laptops that although are joined to the domain, may not access the domain for weeks or even months. Users are happily logging on to the laptops with the cached credentials on the laptops. If I use okta to synchronise the office 365 accounts with the on prem AD, will the local (cached domain) credentials be updated when the office 365 details are changed? Or will they need to connect the laptop to the domain (via vpn) to have the new password.
No worries about the question - I'd be happy to clarify. From the description of the question, it sounds like you have some users who log in using their AD user credentials on domain joined machines but do so from off your company network.
In this particular case, as far as Okta is concerned, this still counts as the users accessing Okta via their domain credentials - Okta will still verify their credentials against your AD domain, if you are using Delegated Authentication (which you can check by going to your Admin dashboard -> Security -> Delegated Authentication).
The answer to the question of 'will the user's credentials be updated when the Office 365 details are changed' is typically 'no'. The password change would need to occur upstream (in AD or Okta) and it would be pushed downstream (to Office 365).
Hope this answer your question!
Andrei Aldea Technical Support Engineer Okta Global Customer Care