Hi, I've set up Office 365 Hybrid (with Exchange 2010). I am using Okta for SSO and license provisioning and Azure AD Connect to provision users.
I've installed IWA on a server. When I go to a client machine and go to outlook.office365.com, I have to type my email address at the Microsoft landing page and then that redirects me to my Okta sign-in page. When I sign in manually all is OK. It seems that the IWA is not passing through my domain credentials to my browser.
It sounds like your server running the Desktop SSO app has not been added to your Local Intranet Sites in Internet Explorer settings (or added to a GPO). Below are the steps to configure Internet Explorer and a link to the document on our admin support site where additional instructions for other browsers can be found:
1. Add the URL of the server that hosts your Desktop SSO IWA web app to your local intranet zone:
   Note: The URL hostname.companyname.com is the fully qualified domain name of the server in question. For example, my-iis7-host.corp.acme.com. It is not sufficient for this URL to be listed as a Trusted Site in the Trusted Sites zone.
   Most organizations set up a Group Policy to configure this setting in their users' Internet options.
   a. On your Windows Control Panel, select Network and Internet > Internet Options > Security > Local intranet > Sites > Advanced.
   b. In the Add this website to the zone field, enter: https://hostname.companyname.com
   c. Click Add.
   d. Click OK twice to close Internet Options.
2. Configure the browser. Setting up IWA is different for each browser. See the setup instructions below for your browser.
   Windows Internet Explorer (Windows)
   a. In Internet Explorer select Tools > Internet Options.
   b. Click the Advanced tab, scroll down to the Security settings, and select Enable Integrated Windows Authentication.
   c. Click OK.
Note: Make sure that Internet Explorer can save session cookies (Internet Options > Privacy tab). If it cannot, neither SSO nor standard login can work.
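To confirm on a client that the steps above took effect, the following read-only PowerShell check (an added example, not part of the original reply and not Okta tooling) looks up the zone assigned to the IWA host and the Integrated Windows Authentication setting in the registry. The host name is the placeholder from the steps above, and the split into domain and subdomain assumes a two-label registrable domain.

```powershell
# Added example: read-only check of the Internet Explorer settings described above.
# $IwaHost is a placeholder; replace it with the FQDN of your Desktop SSO IWA server.
# Requires PowerShell 5.0 or later (Select-Object -SkipLast).
$IwaHost = 'hostname.companyname.com'
$Scheme  = 'https'
$IS      = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ISPol   = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when either the key or the value is missing.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { return $key.GetValue($Name) }
    return $null
}

# Assumption: the registrable domain is the last two labels (not true for e.g. co.uk).
$labels = $IwaHost.Split('.')
$domain = ($labels | Select-Object -Last 2) -join '.'
$sub    = ($labels | Select-Object -SkipLast 2) -join '.'
$relKeys = @("$domain\$sub".TrimEnd('\'), $IwaHost, $domain) | Select-Object -Unique

$found = @()
foreach ($hive in 'HKCU:', 'HKLM:') {
    # Group Policy "Site to Zone Assignment List": value name = site, data = zone number.
    $polKey = "$hive\$ISPol\ZoneMapKey"
    foreach ($site in "${Scheme}://$IwaHost", $IwaHost, "*.$domain") {
        $z = Get-RegValue $polKey $site
        if ($null -ne $z) { $found += [pscustomobject]@{ Source = "$polKey [$site]"; Zone = [int]$z } }
    }
    # Entries written by Internet Options > Security > Local intranet > Sites.
    foreach ($rel in $relKeys) {
        $mapKey = "$hive\$IS\ZoneMap\Domains\$rel"
        foreach ($name in $Scheme, '*') {
            $z = Get-RegValue $mapKey $name
            if ($null -ne $z) { $found += [pscustomobject]@{ Source = "$mapKey [$name]"; Zone = [int]$z } }
        }
    }
}

$found | Format-Table -AutoSize
if (-not ($found | Where-Object Zone -eq 1)) {
    Write-Warning "$IwaHost is not mapped to the Local intranet zone (1)."
}
if ($found | Where-Object Zone -eq 2) {
    Write-Warning "$IwaHost is mapped to Trusted sites (2), which is not sufficient."
}
# EnableNegotiate = 0 means "Enable Integrated Windows Authentication" is unchecked.
if ((Get-RegValue "HKCU:\$IS" 'EnableNegotiate') -eq 0) {
    Write-Warning 'Enable Integrated Windows Authentication is turned off for this user.'
}
```

Run it as the affected user, since the HKCU entries are per user. When the zone is assigned by Group Policy, scope the entry to the exact IWA host rather than a domain-wide wildcard, because every site in the Local intranet zone can receive automatic Windows logon.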