When configuring Automatic WS-Federation, the Fetch and Select option displays a list of Office 365 domains available for federation. However, subdomains may not appear in the list due to specific configuration requirements. This article will walk through the process of ensuring the desired subdomain is included in the "Fetch and Select" list and explain why it is absent.
- O365
- Subdomains
- Single Sign-On (SSO)
Verified domains are retrieved from the Microsoft tenant, but only root domains are included. Subdomains that are not root domains are excluded.
The prerequisite for a domain to appear in the "Fetch and Select" list is:
- "
isRoot": trueand"isVerified": true.
Use Microsoft Graph Explorer to promote the subdomain to Root:
- To confirm whether the subdomain is set to Root, use Graph Explorer (Use Graph Explorer to try Microsoft Graph APIs) to run the following command:
GET https://graph.microsoft.com/v1.0/domains/[REPLACE WITH SUBDOMAIN]
- By default, the subdomain will be set to
"isRoot": false. To promote the subdomain to Root, run the following command in Graph Explorer:
POST https://graph.microsoft.com/v1.0/domains/[REPLACE WITH SUBDOMAIN/promote
-
- For further details, please refer to this document: Change subdomain authentication type in Microsoft Entra ID.
NOTE: Okta is not responsible for the content of third-party vendor documentation. Please contact Microsoft if there are any queries or concerns about these instructions.
