Integration with already federated Office365 domain
I need some confirmation on my understanding below related to O365 federation with Okta:
If a customer has already set up a federated domain (say example.com.au) on O365 (say, using ADFS), then is it required to "un-federate" the domain before we could set up federation to the same domain via Okta?
In my understanding, during SSO configuration, Okta automatically detects that the domain is already federated using some other IdP like ADFS, and executes a different PowerShell cmdlet to set up federation with Okta. In other words, no special steps are needed.
If a customer has already imported users from AD to O-365, i.e. the immutableid for users is already set on O-365, what are the precautions, if any, to be taken before setting up SSO (WS-Fed) with Okta? How will Okta know about these immutableids?
In my understanding, Okta assumes that the immutableid is the Base64 encoding of the user's AD GUID and expects that it will match the immutableid set on the user on O-365. This immutableid is included in the assertion within the WS-Federation protocol.
Hi Jatin! You are correct on both your assumptions, but allow me to detail a bit.
When you set Okta to configure the federation automatically, it will attempt to federate the domain by using the appropriate tools. If, for any reason, you see the federation fail, you have the option of doing it manually. First go to the Office 365 app in your Okta org -> Sign On tab -> select "I want to configure WS-Federation myself using PowerShell" and save. Then go to View Setup Instructions (same Sign On tab) and use the appropriate PowerShell cmdlet you find there, depending on whether you are federating an already federated domain or a managed domain.
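
Added example, not part of the thread and not Okta's own tooling: a PowerShell check for the immutableid precaution discussed above, confirming before cutover that each Office 365 user's ImmutableId equals the Base64 encoding of the matching AD objectGUID. The function names, property names and sample users are assumptions made for illustration; in practice the two inputs would come from an AD export and an Office 365 export.

```powershell
# Added example. Function names are hypothetical; all sample data is constructed.

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][Guid]$ObjectGuid)
    # ToByteArray() yields the mixed-endian layout AD stores in objectGUID:
    # the first three GUID fields are byte-swapped, so this differs from
    # Base64-encoding the hex digits in the order they are printed.
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Compare-ImmutableId {
    param(
        [Parameter(Mandatory)][object[]]$AdUsers,    # UserPrincipalName, ObjectGuid
        [Parameter(Mandatory)][object[]]$CloudUsers  # UserPrincipalName, ImmutableId
    )
    # PowerShell hashtable keys are case-insensitive, which suits UPN lookup.
    $cloudByUpn = @{}
    foreach ($c in $CloudUsers) { $cloudByUpn[$c.UserPrincipalName] = $c }

    foreach ($u in $AdUsers) {
        $expected = ConvertTo-ImmutableId -ObjectGuid $u.ObjectGuid
        $match    = $cloudByUpn[$u.UserPrincipalName]
        $actual   = $null
        if ($match) { $actual = $match.ImmutableId }
        # Base64 is case-sensitive, so compare with -ceq rather than -eq.
        $status = if (-not $match) { 'MissingInCloud' }
                  elseif ([string]::IsNullOrEmpty($actual)) { 'NoImmutableId' }
                  elseif ($actual -ceq $expected) { 'Match' }
                  else { 'Mismatch' }
        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            Expected          = $expected
            Actual            = $actual
            Status            = $status
        }
    }
}

# Constructed sample input standing in for the AD and Office 365 exports.
$ad = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com.au'; ObjectGuid = [Guid]'01020304-0506-0708-090a-0b0c0d0e0f10' }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com.au';   ObjectGuid = [Guid]'11121314-1516-1718-191a-1b1c1d1e1f20' }
    [pscustomobject]@{ UserPrincipalName = 'carol@example.com.au'; ObjectGuid = [Guid]'21222324-2526-2728-292a-2b2c2d2e2f30' }
)
$o365 = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com.au'; ImmutableId = 'BAMCAQYFCAcJCgsMDQ4PEA==' }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com.au';   ImmutableId = 'AQIDBAUGBwgJCgsMDQ4PEA==' }  # constructed non-matching value
    [pscustomobject]@{ UserPrincipalName = 'carol@example.com.au'; ImmutableId = '' }
)
Compare-ImmutableId -AdUsers $ad -CloudUsers $o365 | Where-Object Status -ne 'Match' | Format-Table
```

Any row this reports is an account whose Office 365 ImmutableId does not line up with the AD-derived value and is worth resolving before the domain is switched over.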