<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Error "400 - Invalid Credentials" when Trying to Use Global Admin Account on O365 Microsoft App
Nov 7, 2025
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

When trying to use the Microsoft Global Admin account on the Microsoft Okta app to fetch and select the domain or to allow Advanced API Access, Microsoft throws an Invalid credentials error.

The Okta System Log shows an error message similar to the following:

Could not validate your Office 365 credentials, received error: 400 AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '0000000'

Error message 

Applies To
  • Okta Integration Network (OIN)
  • Microsoft 365 / Office 365 (M365 / O365)
Cause

This error is thrown by Microsoft because it is waiting for a Multi-Factor Authentication (MFA) for that Global Admin account. Since Okta cannot provide MFA when performing the above API calls, Microsoft throws the error.

Solution

Disable the Microsoft MFA for the Office 365 Global Admin account used for WS-Federation.

Recommended content

Still looking for help?
Loading
Error "400 - Invalid Credentials" when Trying to Use Global Admin Account on O365 Microsoft App