This article provides steps on how to prevent a service account from being prompted to log in with Okta on an Office 365 Web Services Federation (WS-Fed) domain.
- Office 365 (O365)
- Web Services Federation (WS-Fed)
An admin may want to exclude a service account from being prompted to log in with Okta in an Office 365 WS Federation domain. However, if the service account is associated with a domain that has been federated with Okta, the service account will inevitably be prompted to log in with Okta.
A way to prevent the service account from being prompted to log in with Okta is to associate it with a different domain that has not been federated with Okta.
- Identify a non-federated domain in the organization's environment. This domain should not have an existing federation with Okta.
- Associate the service account with the identified non-federated domain. This will prevent the service account from receiving Okta login prompts when accessing resources within the Office 365 WS Federation domain.
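One way to carry out both steps with the Microsoft Graph PowerShell SDK, shown as an added example that is not part of the original article. It assumes a cloud-managed service account (not synced from on-premises AD) and an admin session allowed to consent to the listed scopes; the UPN and domain values are placeholders.

```powershell
# Added example. Both default values below are placeholders (assumptions), not from the article.
param(
    [string]$ServiceAccountUpn = 'svc-app@federated.example.com',
    [string]$TargetDomain      = 'example.onmicrosoft.com'
)

Connect-MgGraph -Scopes 'Domain.Read.All', 'User.ReadWrite.All' | Out-Null

# Step 1: list the tenant's domains. AuthenticationType is 'Federated' for domains
# handed off to an external IdP (such as Okta via WS-Fed) and 'Managed' otherwise.
$domains = Get-MgDomain -All
$domains | Sort-Object AuthenticationType, Id |
    Format-Table Id, AuthenticationType, IsVerified, IsDefault

# Refuse to continue unless the chosen domain exists, is verified, and is non-federated.
$target = $domains | Where-Object { $_.Id -eq $TargetDomain }
if (-not $target) {
    throw "Domain '$TargetDomain' is not registered in this tenant."
}
if (-not $target.IsVerified) {
    throw "Domain '$TargetDomain' is not verified and cannot be used in a UPN."
}
if ($target.AuthenticationType -ne 'Managed') {
    throw "Domain '$TargetDomain' is $($target.AuthenticationType); choose a non-federated domain."
}

# Step 2: move the service account's UPN suffix to the non-federated domain.
$user      = Get-MgUser -UserId $ServiceAccountUpn -Property Id, UserPrincipalName
$localPart = ($user.UserPrincipalName -split '@')[0]
$newUpn    = "$localPart@$TargetDomain"

Update-MgUser -UserId $user.Id -UserPrincipalName $newUpn

# Confirm the change by re-reading the account by its immutable object Id.
$updated = Get-MgUser -UserId $user.Id -Property UserPrincipalName
if ($updated.UserPrincipalName -ne $newUpn) {
    throw "UPN is still '$($updated.UserPrincipalName)'; expected '$newUpn'."
}
Write-Output "Service account now signs in as $newUpn (domain: Managed)."
```

Any application or scheduled task that stores the old UPN needs its stored sign-in name updated to the new value.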
Another option is to enable Staged Rollout on the Microsoft Office 365 tenant to exclude users from federation. The Microsoft Support Team can assist with enabling this option.
NOTE: If the service account is associated with the federated domain, it will not be possible to exclude it from Okta login prompts. Therefore, to successfully implement this solution, ensure the chosen domain for the service account is non-federated.
