Automatic Provisioning Failed Office 365 404 Skip to main content
https://support.okta.com/help/answers?id=906f0000000i06aiac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Eddy GuerreroEddy Guerrero 

Automatic Provisioning Failed Office 365 404

We currently have all of our users synced to O365 via the Azure AD Connect tool. We now want to implement Office 365 via Okta to all of our users. I assign the app but provisioning fails with the following error:

An error occurred while assigning this app. Automatic provisioning of user USERNAME to app Microsoft Office 365 failed: Could not create user EMAILADDRESS in Office 365, received error: 400 Unable to add this user because a user with the user principal name already exists.

The deployment guide states the following when provisioning the O365 app to a user: If Provisioning is enabled in Okta, a user account will be created at the time of assigning the app. If a user already exists in Office 365, Okta will match the users up and maintain the relationship.

We tried to unsync the user accounts from O365 via Azure AD Connect but that caused email bounceback issues. 

Any ideas?
 
Raja NejemRaja Nejem (Okta, Inc.)
Typically it is because of the user name format that is being pushed out.  Verify that the username is the correct format.  Also, we can provision users to cloud only O365 deployments.
Alexander StavitskyAlexander Stavitsky
Check if you have a deleted user with the same UPN.  I had the same error when the user was in the "deleted" state.  When I moved the user to active state, Okta successfully matched the account.  I suspect Okta does not know how to handle "deleted" users.
Eddy GuerreroEddy Guerrero
I don't think the issue is that the accounts are deleted. It might be the username format. The users still have the username format of @DOMAIN.LOCAL in AD. I will switch one of the today to @DOMAIN.ORG and see if I have better luck. Or were you talking about the username format in Okta instead? Thank you.