In many situations, service accounts simplify and automate certain procedures that would otherwise require a human resource. For example, service accounts are used in printer software to send and receive emails from the printer automatically. Nowadays, more and more customers federate their domains with Okta for the sake of protection and MFA usage, but doing this will require some actions for the service account to work properly with the integration.

• Office 365 (O365) Federation
• Multi-factor Authentication (MFA)

There are two possibilities for how to resolve this situation:

1. Create an Okta user that can be matched to the service account from O365 and assign it to the application. Once this is done, add a sign-on policy in O365 to ignore MFA for these service accounts on the domain.
    

2. Modify the domain of the existing service accounts from O365 from @domain.com to @onmicrosoft.com (the default domain, which is never federated) so they are not affected by changes in Okta.