Authentications are Blocked when Integrating Office 365 with Okta and Microsoft Intune
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

When integrating Office 365 with Okta and Microsoft Intune, authentication attempts are blocked. One or both of the following events may appear in the system log:

DisplayMessage - Deny user access due to app sign on policy
EventType - application.policy.sign_on.deny_access


 

Applies To
  • Application Sign-On Policy
  • Microsoft Intune
  • Okta Classic Engine
Cause
The authentication from the Windows login screen using the Password factor is a legacy authentication flow against Okta.
Solution

The default Okta Application Sign On Policy blocks Legacy Authentication. Configure a Sign On Policy to allow Legacy Authentication using the procedure detailed in About app sign-on policies.

  1. Navigate to the Office 365 application within the Okta Admin Console.
  2. Select Sign-on.
  3. Scroll to Application Sign-On policies.
  4. To modify an existing rule, click Edit (pencil icon). To add a new rule, click Add Rule.
  5. Enable Exchange ActiveSync/Legacy Auth.
  6. In the Access section, ensure the "When all the conditions above are met, sign on to this application is" option is set to Allowed.
  7. Click Save.
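
To check which users and clients are producing the denials described in the Overview, before the rule change and again after it, the following added example (not Okta's code) groups System Log events that carry either indicator quoted in this article. It assumes events exported as Okta System Log objects with the `published`, `eventType`, `displayMessage`, `actor.alternateId`, `target[].displayName` and `client.userAgent.rawUserAgent` fields; the function names, sample events, user agents and the app label "Microsoft Office 365" are constructed for illustration.

```python
from collections import defaultdict

# Event type and display message quoted in this article.
DENY_EVENT_TYPE = "application.policy.sign_on.deny_access"
DENY_MESSAGE = "Deny user access due to app sign on policy"

def _event(ts, event_type, message, user, app, agent):
    """Build a constructed event holding only the System Log fields read below."""
    return {"published": ts, "eventType": event_type, "displayMessage": message,
            "actor": {"alternateId": user},
            "target": [{"type": "AppInstance", "displayName": app}],
            "client": {"userAgent": {"rawUserAgent": agent}}}

# Constructed sample data: users, app labels and user agents are placeholders.
SAMPLE_EVENTS = [
    _event("2024-01-10T08:01:00.000Z", DENY_EVENT_TYPE, DENY_MESSAGE,
           "alice@example.com", "Microsoft Office 365", "ExampleLegacyClient/1.0"),
    _event("2024-01-10T08:05:30.000Z", DENY_EVENT_TYPE, DENY_MESSAGE,
           "alice@example.com", "Microsoft Office 365", "ExampleLegacyClient/1.0"),
    _event("2024-01-10T09:12:00.000Z", DENY_EVENT_TYPE, DENY_MESSAGE,
           "bob@example.com", "Example HR App", "ExampleBrowser/5.0"),
    _event("2024-01-10T09:30:00.000Z", "user.authentication.sso", "User single sign on to app",
           "carol@example.com", "Microsoft Office 365", "ExampleBrowser/5.0"),
]

def app_name(event):
    """Return the display name of the first AppInstance target, or 'unknown'."""
    apps = [t for t in event.get("target") or [] if t.get("type") == "AppInstance"]
    return apps[0].get("displayName", "unknown") if apps else "unknown"

def summarize_denials(events, app=None):
    """Count sign-on policy denials per (user, app, user agent) with first/last time."""
    summary = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for ev in events:
        if (ev.get("eventType") != DENY_EVENT_TYPE
                and ev.get("displayMessage") != DENY_MESSAGE):
            continue  # neither of the two indicators from the article matched
        name = app_name(ev)
        if app is not None and name != app:
            continue  # denial belongs to a different application
        user = (ev.get("actor") or {}).get("alternateId", "unknown")
        agent = ((ev.get("client") or {}).get("userAgent") or {}).get("rawUserAgent", "unknown")
        row = summary[(user, name, agent)]
        row["count"] += 1
        ts = ev.get("published")  # ISO 8601 UTC strings sort chronologically
        if ts:
            row["first"] = min(row["first"] or ts, ts)
            row["last"] = max(row["last"] or ts, ts)
    return dict(summary)
```

Calling `summarize_denials(SAMPLE_EVENTS, app="Microsoft Office 365")` returns one row for alice@example.com with a count of 2; a row whose `last` timestamp stops advancing after the rule is saved indicates the denial no longer occurs for that user and client.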
 