Administrators may notice old Okta AAD Service Principal accounts in the Microsoft (MS) Entra ID/Azure cloud environment that have been assigned the MS Global Administrator role.
Okta creates one of these accounts for each Microsoft Office 365 integration. This article explains how to determine which Okta Microsoft Office 365 application object is linked to each Okta AAD Service Principal account.
- Microsoft Azure Active Directory (AAD)
- Microsoft Entra ID
- Microsoft Office 365
- Okta Integration Network (OIN)
- Identifying Okta AAD Service Principal account for deleted MS Office 365 app instance(s)
The auto-generated accounts are created in the following format:
Okta AAD Service Principal:<Okta_Microsoft_Office_365_App_ID>
An Okta Admin user may work with a Microsoft Admin user to cross-check each of the active MS Office 365 app instances found in the Okta tenant org and to extract each MS Office 365 app instance ID.
This allows the admins to identify the Okta AAD Service Principal account that is associated with each active MS Office 365 app instance, and to safely manage or delete, from the Microsoft platform, those Okta AAD Service Principal accounts that are no longer associated with any active Okta Microsoft Office 365 app instance.
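The cross-check described above, as an added example in Python (not Okta's or Microsoft's own code): it parses the documented naming convention, splits the Okta-generated service principals into those linked to an active Okta Office 365 app instance and orphans, and flags orphans that still hold Global Administrator. The service principal list and the Okta app instance IDs are constructed sample data; in practice they come from an Entra ID export and from the Okta admin console.

```python
import re

# Naming convention documented in the article:
#   "Okta AAD Service Principal:<Okta_Microsoft_Office_365_App_ID>"
SP_NAME_RE = re.compile(r"^Okta AAD Service Principal:(?P<app_id>\S+)$")

# Constructed sample data (placeholder IDs, not real tenant data).
# In practice the first list is an export of Entra ID service principals with
# their directory role assignments; the second is the set of app instance IDs
# of the active Microsoft Office 365 apps in the Okta org.
ENTRA_SERVICE_PRINCIPALS = [
    {"displayName": "Okta AAD Service Principal:0oaEXAMPLE0001",
     "roles": ["Global Administrator"]},
    {"displayName": "Okta AAD Service Principal:0oaEXAMPLE0002",
     "roles": []},
    {"displayName": "Okta AAD Service Principal:0oaEXAMPLE0003",
     "roles": ["Global Administrator"]},
    {"displayName": "Some unrelated app", "roles": ["Global Administrator"]},
]
ACTIVE_OKTA_O365_APP_IDS = {"0oaEXAMPLE0001", "0oaEXAMPLE0002"}


def okta_app_id(display_name):
    """Return the Okta app instance ID embedded in an Okta AAD SP name, or None."""
    m = SP_NAME_RE.match(display_name)
    return m.group("app_id") if m else None


def classify_service_principals(service_principals, active_app_ids):
    """Split Okta-generated SPs into those tied to an active Okta app and orphans."""
    linked, orphaned = {}, {}
    for sp in service_principals:
        app_id = okta_app_id(sp["displayName"])
        if app_id is None:
            continue  # not created by the Okta Office 365 integration
        bucket = linked if app_id in active_app_ids else orphaned
        bucket[sp["displayName"]] = {"app_id": app_id, "roles": sp["roles"]}
    return linked, orphaned


def privileged_orphans(orphaned, role="Global Administrator"):
    """Orphaned SPs that still hold the given directory role; review these first."""
    return sorted(name for name, info in orphaned.items() if role in info["roles"])


if __name__ == "__main__":
    linked, orphaned = classify_service_principals(
        ENTRA_SERVICE_PRINCIPALS, ACTIVE_OKTA_O365_APP_IDS)
    print("linked:", sorted(linked))
    print("orphaned:", sorted(orphaned))
    print("orphaned with Global Administrator:", privileged_orphans(orphaned))
```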
