When our AD users are not previous members of 365 and we assign them to our office365 app they are good.
However, if a user already has an account in 365, after we link them they are unable to sign in to 365. Office 365 returns an error that says "We don't recognize this user ID or password".
If we delete a test user in 365 and reprovision the app in OKTA, it fixes it. However, we don't want to do this with live users. Is there a way to get users that had 365 accounts in the past to be able to log on after being set up in OKTA?
If I understand your question correctly, you are using AD mastered user accounts and possibly using Okta to provision the users into O365. The problem as stated occurs when Okta attempts to log a user into Office 365 that is preexisting in the O365 user list. The error given by O365 is “We don’t recognize this user ID or password.”
Without having access to the specific configuration for this tenant account, there are a couple of reasons this could be happening. The answer also depends on whether the connection method from Okta to O365 is via SWA or if O365 is federated to Okta.
The first reason would be a mismatch between the UPN of the AD user and their related preexisting O365 sign-on ID. This can be addressed by ensuring the user ID in Okta matches exactly with the equivalent user in O365 (SWA) or by utilizing Universal Directory in Okta on the Applications \ Office 365 \ Provisioning tab to map the user's AD UPN to the correct username format being used in O365 (Federated).
The second reason would be a mismatch between the user’s AD and O365 passwords. This could be caused if the password passed by Okta (AD) to O365 is not the same password currently set in O365 (SWA) or the ‘Sync Okta Password’ feature is disabled (Federated). The ‘Sync Okta Password’ feature is found on the Applications \ Office 365 \ Provisioning tab and can be enabled to sync the AD/Okta user’s password to their assigned O365 account.
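Before changing any provisioning settings, it helps to know which of the two causes above applies to which users. The script below is an added example, not code from the original post or from Okta or Microsoft: it compares a UPN export from AD against a user export from the O365 tenant and classifies each AD user as an exact match, a case-only difference, a domain-suffix difference (the typical shape of a pre-existing tenant account created as user@tenant.onmicrosoft.com), or missing. The two CSV exports and their column names are constructed sample data; the column headers in a real export may differ.

```python
import csv
import io

# Constructed sample exports (not real tenant data): one from AD, one from O365.
AD_EXPORT = """samAccountName,userPrincipalName
jdoe,jdoe@corp.example.com
asmith,Alice.Smith@corp.example.com
bjones,bjones@corp.local
"""

O365_EXPORT = """DisplayName,UserPrincipalName
John Doe,jdoe@corp.example.com
Alice Smith,alice.smith@corp.example.com
Bob Jones,bjones@example.onmicrosoft.com
"""


def load_upns(csv_text, column):
    """Parse a CSV export and return the values of the given UPN column."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [row[column].strip() for row in reader]


def compare_upns(ad_upns, o365_upns):
    """Classify each AD UPN against the O365 user list.

    exact     - identical string; the Okta username already matches O365
    case_only - same address ignoring case; an exact-string mismatch that an
                SWA sign-in may still trip over, so align the Okta username
    domain    - same local part, different domain suffix; the pre-existing
                O365 account uses a different sign-in ID, so map the UPN on
                the Applications \\ Office 365 \\ Provisioning tab
    missing   - no O365 account shares the local part at all
    """
    o365_exact = set(o365_upns)
    o365_lower = {u.lower(): u for u in o365_upns}
    o365_by_local = {}
    for u in o365_upns:
        local = u.split("@", 1)[0].lower()
        o365_by_local.setdefault(local, []).append(u)

    report = {}
    for upn in ad_upns:
        if upn in o365_exact:
            report[upn] = ("exact", upn)
        elif upn.lower() in o365_lower:
            report[upn] = ("case_only", o365_lower[upn.lower()])
        else:
            local = upn.split("@", 1)[0].lower()
            matches = o365_by_local.get(local)
            if matches:
                report[upn] = ("domain", matches[0])
            else:
                report[upn] = ("missing", None)
    return report


def main():
    ad = load_upns(AD_EXPORT, "userPrincipalName")
    o365 = load_upns(O365_EXPORT, "UserPrincipalName")
    for upn, (kind, match) in compare_upns(ad, o365).items():
        print(f"{kind:10} {upn} -> {match}")


if __name__ == "__main__":
    main()
```

Users reported as `case_only` or `domain` are the ones whose sign-in ID in O365 does not equal what Okta will send, which is the first cause in the answer above; users reported as `exact` that still fail to sign in are more likely hitting the second cause, the password mismatch.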