We currently have all of our users synced to O365 via the Azure AD Connect tool. We now want to implement Office 365 via Okta to all of our users. I assign the app but provisioning fails with the following error:
An error occurred while assigning this app. Automatic provisioning of user USERNAME to app Microsoft Office 365 failed: Could not create user EMAILADDRESS in Office 365, received error: 400 Unable to add this user because a user with the user principal name already exists.
The deployment guide states the following when provisioning the O365 app to a user: If Provisioning is enabled in Okta, a user account will be created at the time of assigning the app. If a user already exists in Office 365, Okta will match the users up and maintain the relationship.
We tried to unsync the user accounts from O365 via Azure AD Connect but that caused email bounceback issues.
Check if you have a deleted user with the same UPN. I had the same error when the user was in the "deleted" state. When I moved the user to active state, Okta successfully matched the account. I suspect Okta does not know how to handle "deleted" users.
I don't think the issue is that the accounts are deleted. It might be the username format. The users still have the username format of @DOMAIN.LOCAL in AD. I will switch one of them today to @DOMAIN.ORG and see if I have better luck. Or were you talking about the username format in Okta instead? Thank you.