<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Remove Microsoft Office 365 Federation Using the Okta UI
Oct 3, 2025
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

This article describes how to remove Microsoft Office 365 Federation using the Okta User Interface (UI).

Applies To
  • Microsoft Office 365 (O365) Federation
Solution

The following video shows how to remove Office 365 federation in the Okta user interface.


 

The federation between Okta and Office 365 can be removed from the Okta Admin Console by switching the Sign On Type from WS-Fed to SWA for the Microsoft Office 365 application or deleting the app instance.

NOTE: Okta does not recommend deleting the app. For manual federation, when the app is removed, the domain won't be automatically de-federated. Manual de-federation using PowerShell is required. However, with automatic federation, if the app is removed, the domain is de-federated automatically.

To switch the Sign On Type from WS-Fed to SWA for Office 365:

  1. From the Okta Admin Console, navigate to Applications Applications.

  2. Locate the Microsoft Office 365 application that should be de-federated.

  3. Go to the Sign On tab of the application.

  4. Click on the Edit button. 

  5. Select Secure Web Authentication as the Sign On Type.

NOTE: Upon making this selection, there will be a prompt to choose how the Username and Password are created. This setting determines what username and password will be used to log users into Office 365. Since WS Federation does not use a password, the users' Office 365 accounts may not have a valid password to use, and/or the user may not know what it is.  This can be avoided by enabling Sync Okta Password in the O365 application's Provisioning settings. This will push the Okta password to Office 365.

  1. Save the configuration.

SSO methods

If there are multiple domains federated in O365 and it is desired to remove one or two domains, please do the following:

  1. From the Okta Admin Console, navigate to Applications Applications.

  2. Locate the Microsoft Office 365 application that should be de-federated.

  3. Go to the Sign On tab of the application.

  4. Click on the Edit button. 

  5. Click on Fetch and Select to view the list of domains federated with Okta.

  6. Remove the domains that should be defederated and click Select.
    select verified domains for federation   

  7. Click Save.

 

Defederation may take some time, depending on how long it takes Microsoft to process the request.

 

Related References

Recommended content

Still looking for help?
Loading
How to Remove Microsoft Office 365 Federation Using the Okta UI