Federating to the Default domain is not allowed. Please change your Office 365 domain for this app. domain=example.com
Jonny McKitrick

Federating to the Default domain is not allowed. Please change your Office 365 domain for this app. domain=example.com

Hi, I receive the above message when attempting to enable WS-Federation for an O365 application.

If I change to use their default admin@example.onmicrosoft.com global admin then I get the below message, putting me in an infinite loop. We only have a single domain, example.com, in the O365 tenant.

"Please provide credentials for an Office 365 administrator who belongs to a separate domain you are about to federate. If you do not have such a user, please create an Office 365 user 'admin@yourcompany.onmicrosoft.com' that has the role 'Company Administrator'"

Any suggestions greatly appreciated.

 
Jonny McKitrick
Life saver, thank you! Interestingly, I had default set to yourcompany.com but changed to onmicrosoft.com and it allowed me to enable WS-Federation...
Paul.Bryan ADMIDaaS-paul.bryan

Jonny, the Okta support answer is wrong.

When you add a domain to O365, using the O365 admin portal, it alters your default domain to the new domain. O365 will not allow you to federate the default domain.

To allow federation to occur, you need to alter the default domain back to "yourdomain.onmicrosoft.com"

For further information see https://support.okta.com/help/articles/Knowledge_Article/38682106-Microsoft-Office-365-Integration-Guide
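
The default-domain change described in the answer above can also be checked and made from PowerShell. This is an added example, not part of the original thread or of Okta's documentation; it assumes the MSOnline module is installed and that you sign in as a global administrator, and `example.com` is the placeholder domain from the question.

```powershell
# Added example. Assumptions: MSOnline module available, global admin sign-in,
# and 'example.com' stands in for the domain you want to federate.
Import-Module MSOnline
Connect-MsolService

$domainToFederate = 'example.com'

# List every domain with its default flag and current authentication type.
$domains = Get-MsolDomain
$domains | Format-Table Name, Status, Authentication, IsDefault, IsInitial

$target = $domains | Where-Object { $_.Name -eq $domainToFederate }
if (-not $target) {
    throw "Domain '$domainToFederate' was not found in this tenant."
}

if ($target.IsDefault) {
    # The initial domain is the tenant's *.onmicrosoft.com domain.
    $initial = $domains | Where-Object { $_.IsInitial }
    Write-Host "'$domainToFederate' is the default domain; switching default to '$($initial.Name)'."
    Set-MsolDomain -Name $initial.Name -IsDefault
}
else {
    Write-Host "'$domainToFederate' is not the default domain; no change needed."
}

# Re-read the tenant state and confirm before retrying WS-Federation in Okta.
$check = Get-MsolDomain -DomainName $domainToFederate
if ($check.IsDefault) {
    throw "'$domainToFederate' is still the default domain."
}
Get-MsolDomain | Format-Table Name, Authentication, IsDefault
```

Newly created users pick up the default domain as their UPN suffix, so after the switch new accounts land on the onmicrosoft.com domain unless a suffix is chosen explicitly.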