iOS Okta Users Blocked from Microsoft 365 Apps by "Unable to sign in" Error
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

A user may be unable to sign in to Microsoft Office 365 applications (for example, Outlook, Teams) on an iOS device, even though they can log in to Okta and M365 successfully on macOS.

  • Entering the Microsoft email address redirects the user straight to the Okta password page, skipping the username entry.
  • The login attempt fails with a generic Unable to sign in error.
  • No login activity appears in the Okta System Logs, indicating that the authentication request is failing before Okta can validate it because an incorrect username is being passed in the background.
Applies To
  • Microsoft Office 365 (Mobile Apps)
  • iOS / iPadOS
  • Okta Single Sign-On (SSO)
  • Mismatch between Microsoft UPN and Okta Username (for example, during an email migration or alias change)
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
Cause

This issue is caused by a credential mismatch cached within the Microsoft Authenticator (acting as a broker) or the embedded mobile browser:

  • Legacy Account Cache: If the user’s email address was previously changed (for example, from alias@domain.com to firstname@domain.com), the mobile device may retain the legacy identity in Microsoft Authenticator.
  • Auto-Population Error: When the user enters their current M365 email, the app redirects to Okta and automatically passes that email as the Okta username. If the user's Okta Username is still set to their legacy email/alias, Okta rejects the request because the user firstname@domain.com does not exist in the Okta directory.
  • System Log Absence: Because the app is submitting a username that does not exist in the Okta environment, the attempt may not trigger a standard "failed login" event for the expected user profile.
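The mismatch described above can be found before users hit the error by comparing directory exports. The following is an added example, not Okta or Microsoft code. It assumes flattened user records carrying `userPrincipalName` on the Microsoft side and `login`, `email` and `secondEmail` on the Okta side; the function name and all sample records are constructed for illustration.

```python
# Added example: flag accounts whose Microsoft 365 UPN does not exist as an
# Okta username, the condition that makes the pre-filled username fail.
# Record shapes and all sample data are constructed assumptions.

def normalize(addr):
    """Compare identifiers case-insensitively and ignore stray whitespace."""
    return (addr or "").strip().lower()

def find_upn_mismatches(m365_users, okta_users):
    """Return one finding per M365 user whose UPN is not an Okta login."""
    by_login = {normalize(u["login"]): u for u in okta_users}
    # Secondary index on other profile addresses, used only to pair the
    # M365 identity with the Okta account that still has the legacy login.
    by_email = {}
    for u in okta_users:
        for addr in (u.get("email"), u.get("secondEmail")):
            if addr:
                by_email.setdefault(normalize(addr), u)
    findings = []
    for m in m365_users:
        upn = normalize(m["userPrincipalName"])
        if upn in by_login:
            continue  # the pre-filled username exists in Okta
        match = by_email.get(upn)
        findings.append({
            "upn": upn,
            "okta_login": normalize(match["login"]) if match else None,
            "status": "login_differs" if match else "no_okta_user",
        })
    return findings

# Constructed sample exports.
M365_USERS = [
    {"userPrincipalName": "firstname@domain.com"},   # renamed in M365 only
    {"userPrincipalName": "Jane.Doe@domain.com"},    # differs only by case
    {"userPrincipalName": "contractor@domain.com"},  # no Okta account at all
]
OKTA_USERS = [
    {"login": "alias@domain.com", "email": "firstname@domain.com"},
    {"login": "jane.doe@domain.com", "email": "jane.doe@domain.com"},
]

if __name__ == "__main__":
    for finding in find_upn_mismatches(M365_USERS, OKTA_USERS):
        print(finding)
```

Accounts reported as `login_differs` are the ones that need either the workaround in the Solution section or an aligned Okta username.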

Solution

To resolve this, the user must manually force the Okta widget to accept their actual Okta username instead of the auto-populated Microsoft email.

  1. Prepare MFA Code:
    1. Open Okta Verify on the mobile device.
    2. Wait for a new 6-digit code to be generated, then write it down.
    3. NOTE: Do not switch apps during the login process, as the Microsoft Authenticator/iOS login window will often refresh and reset the session.
  2. Initiate Microsoft Login:
    1. Open the Microsoft app and enter the current email address (for example, firstname@domain.com).
  3. Redirect and Override:
    1. When the page redirects to the Okta password screen, select the Back to sign in or Sign in as a different user link.
    2. Clear the username field (which likely contains the firstname@domain.com address).
    3. Manually enter the official Okta Username (for example, alias@domain.com).
  4. Finalize Authentication:
    1. Enter the Okta password.
    2. When prompted for MFA, enter the 6-digit code recorded in Step 1.
  5. Prevent Recurrence:
    1. Open the Microsoft Authenticator app.
    2. Check for any legacy account profiles (the old email address) and remove them to ensure the device defaults to the correct identity in the future.