The following error is received when provisioning users to O365:

An error occurred while provisioning Microsoft Office 365
Automatic provisioning of user [User DisplayName] to app Microsoft Office 365 failed: Could not communicate with Office 365 to validate your credentials, received error: 400 Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application.
Please fix this on the Tasks Page

• Provisioning
• Office 365
• Okta Classic Engine

The Global Administrator account configured to handle provisioning for the Office 365 application in Okta has Multi-Factor Authentication (MFA) enabled within Office 365. Okta cannot process or bypass the MFA challenges, which results in failed provisioning tasks.

In Office 365, disable MFA for the account that is configured to handle provisioning:

1. Verify the Admin account used for O365 provisioning:

   1. In the Okta Admin Console, click Applications > Applications.

   2. Select the O365 app instance.

   3. Click Provisioning and select Integration in the left pane.  The Office365 admin account will be listed in the Admin Username field.

2. Log in to O365 as a Global Administrator and navigate to the Admin Centre.

3. Select Users > Active Users > Select More dropdown > Select Multi-Factor Authentication setup.

4. Change the view to Global Administrators. 

5. Select the Admin being used for the O365 app integration in Okta. 

6. Choose disable under the quick steps on the right-hand side. 

Verify Solution

1. In the Okta Admin console, click Applications > Applications.

2. Select the O365 app instance.

3. Click Provisioning and select Integration in the left pane.

4. Click Edit. 

5. Click Test API Credentials.