Microsoft Office 365 provisioning flow fails with the following error visible in the Okta dashboard:
Automatic provisioning of user <username> to app Microsoft Office 365 failed: Unable to read Office 365 directory sync for the company, received error: Could not validate your Office 365 credentials, received error: 401 AADSTS50055: The password is expired. Trace ID: <traceId> Correlation ID: <correlationId> Timestamp: <timestamp>
- Microsoft Office 365
- Provisioning
- Error
This error appears because the password is expired for the Office 365 Global Administrator account used for creating the API connection.
- After the password issue is fixed for the Office 365 Global Administrator account on the Microsoft side, go to Okta Admin Console, navigate to Applications > Applications > Office 365 > Provisioning > Integration, and click Edit.
- Click Re-authenticate with Microsoft Office 365. The Microsoft Azure login page appears.
- Log into the Microsoft Azure account.
- Read and accept the requested permissions.
- Upon accepting the scopes in the Microsoft Azure portal, the page is redirected back to Okta.
- Enter the valid Office 365 Global Administrator credentials.
- Click Test API Credentials.
- A message confirming successful authentication is generated. Click Save.
- Attempt the failed tasks again. Navigate to Dashboard > Tasks. Any failed assignments should appear under Tasks.
- After locating the failed task for the user that should be retried, click on Retry Selected.
