Microsoft Office 365 provisioning flow fails with the following error visible in the Okta dashboard:

Automatic provisioning of user <username> to app Microsoft Office 365 failed: Unable to read Office 365 directory sync for the company, received error: Could not validate your Office 365 credentials, received error: 401 AADSTS50055: The password is expired. Trace ID: <traceId> Correlation ID: <correlationId> Timestamp: <timestamp>

This error appears because the password is expired for the Office 365 Global Administrator account used for creating the API connection.

1. After the password issue is fixed for the Office 365 Global Administrator account on the Microsoft side, go to Okta Admin Console, navigate to Applications > Applications > Office 365 > Provisioning > Integration, and click Edit.
2. Click Re-authenticate with Microsoft Office 365. The Microsoft Azure login page appears.
   • Log into the Microsoft Azure account.
   • Read and accept the requested permissions.
   • Upon accepting the scopes in the Microsoft Azure portal, the page is redirected back to Okta.
3. Enter the valid Office 365 Global Administrator credentials.
4. Click Test API Credentials.
5. A message confirming successful authentication is generated. Click Save.
6. Attempt the failed tasks again. Navigate to Dashboard > Tasks. Any failed assignments should appear under Tasks.

7. After locating the failed task for the user that should be retried, click on Retry Selected.