Why do users need to still type in password in Outlook 2013 Client even with Okta Desktop SSO configured? Skip to main content
https://support.okta.com/help/answers?id=906f0000000bllfiay&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
ThomasThomas (Okta, Inc.)  

Why do users need to still type in password in Outlook 2013 Client even with Okta Desktop SSO configured?

We deployed Okta with Office 365 for almost 2 months now. We have also completed deploying Desktop SSO with a corresponding IWA IIS Server.

All user PCs are Domain connected. All of our users use Outlook 2013 (Thick) Client to access our mail in O365. All users are using a full suite of Office 2013 Pro Plus installed in their PCs

We were expecting that once we sign in to our PCs and open outlook 2013 client we wouldn't see a login prompt or even have a need to type in our password again.

But we are still seeing login prompt on the Outlook Client. I've been searching the web for configuration or others having the issue.


Did we miss any configuration steps to have Desktop SSO work on our Thick Clients such as Outlook 2013 and Lync 2013?

Original Author: Jose Castro
Best Answer chosen by Thomas (Okta, Inc.) 
ThomasThomas (Okta, Inc.) 
Jose-

We've deployed Office 365 to our 2,000+ users earlier this year and yes, our users have to type passwords to get into their Outlook thick clients the first time and they choose to "Save Password" checkbox.  They are then not prompted for their password again until their AD password changes.

We investigated this behavior and we've found this to be a deficiency in Microsoft's implementation here.  Regardless of what Okta may do here, Outlook and/or Office 365 is not coded in such a way that allows for IWA/Desktop SSO to pass through credentials and not prompt the user.  This same behavior would be experienced with other vendors or services that compete with Okta.

Thanks,
Justin

Original Author: Justin Stanford

All Answers

ThomasThomas (Okta, Inc.) 
Jose-

We've deployed Office 365 to our 2,000+ users earlier this year and yes, our users have to type passwords to get into their Outlook thick clients the first time and they choose to "Save Password" checkbox.  They are then not prompted for their password again until their AD password changes.

We investigated this behavior and we've found this to be a deficiency in Microsoft's implementation here.  Regardless of what Okta may do here, Outlook and/or Office 365 is not coded in such a way that allows for IWA/Desktop SSO to pass through credentials and not prompt the user.  This same behavior would be experienced with other vendors or services that compete with Okta.

Thanks,
Justin

Original Author: Justin Stanford
This was selected as the best answer
Nico LehmannNico Lehmann
Thomas-

Just to clarify, is there is a way for Office 365 federeated users to either save their password so they won't be prompted? If they have access to their e-mail via their phone, will they have to update their password every few hours? 

Also, where is the setting that adjusts when a user is timed out of Okta and must log in again?
Josh MarquezJosh Marquez
Has there been any updates on this interaction?  We were led to believe during the acquisition phase of Okta that there was a work-around now.