<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Frequently Asked Questions for Certificate-based Authentication for Office 365
Jul 24, 2025
SSO
Okta Identity Engine
Single Sign-On
This article provides answers to frequently asked questions about Certificate-based Authentication for Office 365.

 

Table of Contents

What is Certificate-based Authentication for Office 365 feature?
How will this feature benefit you?
Are customers required to purchase Single Sign-on (SSO) SKU?
How can I enable this feature?
Is Certificate-based Authentication for Office 365 FedRAMP Compliant?
Which Office 365 environments does Ceritifcate-based Authentication for Office 365 work with?
How do I set up the feature in my Okta Org?
What happens if the customer runs into any issues?



What is Certificate-based Authentication for Office 365 feature?
Certificate-based authentication for Office 365 allows users to securely authenticate to their hybrid or pure Azure AD-joined devices using a smart/PIV card, providing a unified single sign-on (SSO) experience across all supported Microsoft applications.


How will this feature benefit you?
  • Seamless Single Sign-On: Users who log in with smart cards on hybrid or pure Azure AD-joined devices can enjoy an SSO experience across browsers and thick clients for Office 365 apps.
  • Controlled Authentication Methods: Administrators can restrict users to specified authentication methods, such as PIV/CAC cards, for both device logins and access to Microsoft apps, enhancing security.
  • Integrated Certificate Validation: Admins can allow users to use assigned certificates to log into their Hybrid/Azure AD-joined devices, with seamless validation of these certificates through Okta.

Are customers required to purchase Single Sign-on (SSO) SKU?
Customers who wish to leverage Certificate-based authentication for Office 365 must have the SSO SKU.


How can I enable this feature?
Certificate-based authentication for Office 365 will be available as a Self-Service EA to all SSO customers. Customers can enable it in their org by going to Settings > Features > Certificate-based authentication for Office 365.
 

Is Certificate-based Authentication for Office 365 FedRAMP Compliant?
Yes, Certificate-based Authentication for Office 365 works with Okta's FedRAMP Compliant cells.

 

Which Office 365 environments does Ceritifcate-based Authentication for Office 365 work with?
Certificate-based authentication for Office 365 will be available for customers in EA on the GCC High environment.
 

How do I set up the feature in my Okta Org?
Follow the steps mentioned in the product documentation to configure Certificate-based Authentication for Office 365 in the Okta tenant. 

 

What happens if the customer runs into any issues?
If there are any issues related to Certificate-based Authentication for Office 365, contact the Okta Support team by opening a case at support.okta.com.


 

Recommended content

Still looking for help?
Loading
Frequently Asked Questions for Certificate-based Authentication for Office 365