When configuring a WS-Fed integration with Microsoft Office 365, users may run into the following error after entering the Office 365 Admin Username and Office 365 Admin Password, specifically when attempting to Fetch and Select the Office 365 Domains list:
Invalid admin credentials
- Microsoft Office 365 (O365)
- Federating the Microsoft domain
- Single Sign-On (SSO)
The sign-in that Okta performs with the Office 365 Admin Username and Password uses a legacy authentication process. Therefore, if the Microsoft Global Admin account has any form of Multi-Factor Authentication (MFA) configured, or Security Defaults are enabled on the account, the sign-in fails because the process cannot prompt the user for MFA.
To resolve this issue, the Microsoft Office 365 Global Admin account must have Security Defaults disabled and have all forms of MFA disabled (including phone or email verifications).
This Microsoft article shows how to enable MFA for an Office 365 account. To disable MFA, follow the steps in reverse.
