Microsoft Office 365 provisioning flow fails with the following error visible in the Okta dashboard:

Automatic provisioning of user <user> to app Microsoft Office 365 failed: Could not validate your Office 365 credentials, received error: 400 AADSTS50034: The user account <user> does not exist in the <domain>.onmicrosoft.com directory. To sign into this application, the account must be added to the directory. Trace ID: <traceId> Correlation ID: <correlationId> Timestamp: <timestamp>

 

• Microsoft Office 365
• Provisioning
• Error

This error appears because the Office 365 Global Administrator credentials for creating the API connection are invalid.

1. Go to Okta Admin Console, navigate to Applications > Applications > Office 365 > Provisioning > Integration > then click Edit.
2. Click Re-authenticate with Microsoft Office 365. The Microsoft Azure login page appears.
   1. Log in to the Microsoft Azure account.
   2. Read and accept the requested permissions.
   3. Upon accepting the scopes in the Microsoft Azure portal, the page is redirected back to Okta.
3. Enter the valid Office 365 Global Administrator credentials.
4. Click Test API Credentials.
5. A message confirming successful authentication is generated. Click Save. 
6. Attempt the failed tasks again. Navigate to Dashboard > Tasks. Any failed assignments should appear under Tasks.

7. After locating the failed task for the user that should be retried, click Retry Selected.