When users subscribe to Microsoft Office 365 services, they are provisioned with a default onmicrosoft.com domain. This domain serves as their primary fallback domain and is automatically configured for tenant-level operations.
This article clarifies whether changing the default domain causes any issues with the existing users or Federated Domain(s) with Okta.
- Microsoft 365 / Office 365 (M365 / O365)
- Web Services Federation (WS-Federation)
- Single Sign-On (SSO)
Changing the initially assigned default domain from *.onmicrosoft.com to a custom domain does not impact user credentials or their ability to access applications or services. However, changing the domain name associated with a user impacts their email and other services.
Any of the tenant’s registered domains can be set as the default domain. Once changed, the newly set default domain will be used for new user accounts when created, acting as their primary email address and their user login.
A few things to keep in mind:
- The initially assigned onmicrosoft.com domain cannot be deleted as it is used behind the scenes for tenant subscriptions.
- Users can only have a total of five onmicrosoft.com domains in their Office 365 environment, and once they are added, they cannot be deleted or removed from within the tenant.
- When using a custom domain as the default domain, it cannot be federated with Okta. Doing so will display the following error message:
No issues should be encountered with the existing federated domains with Okta, provided that none of them are set as the new default domain. Microsoft will issue the error message below for such action:
Before making any changes, Okta recommends checking with Microsoft regarding the potential impact and compatibility with future updates.
