How to Configure Office 365 JIT
Overview
Office 365 does not support Just-In-Time (JIT) provisioning, but if there is an active AD integration added to the Okta tenant, a JIT flow can be mimicked.
Applies To
  • Office 365
  • Just-In-Time (JIT) Provisioning
  • Active Directory (AD)
  • Okta Classic Engine
Solution
  1. If there is no Office 365 app instance in Okta, create a new one (the Sign-On Method needs to be WS-Fed), and then enable Provisioning.
  2. If an Office 365 app instance already exists, enable Provisioning on it: navigate to Applications > Applications > {The Office 365 app instance} > Provisioning > Configure API Integration > Enable API Integration > Authenticate with Microsoft Account, then click Save.
  3. In the Okta Admin Console, navigate to Directory > Directory Integrations > {AD instance} > Provisioning > To Okta and check the Create and update users on login checkbox in the JIT Provisioning section.
  4. Create a group in AD, import that group into Okta, and assign the group to the Office 365 app instance with proper licenses/roles.

The first time a federated user attempts to log in from an Office 365 thick client using their AD credentials, a user account will automatically be imported into Okta and then provisioned to Office 365.

 
