Overview

Note: This article only applies to customers who enabled Provisioning in Office 365 application. 

Okta strives to deliver the most secure integrations for our customers. To this end, Okta is introducing a stronger and more resilient way for enabling provisioning in Office 365 applications by moving to an OAuth-based consent flow leveraging the Microsoft Graph framework and, eliminating the need for administrator credentials to set up Provisioning for Office 365 with Okta. This change aligns with Microsoft’s plan to enforce MFA on administrators.

Important Dates to Note: 

• By December 31, 2024: To be proactive and secure our customers, Okta requires all customers to consent and leverage the upgraded integrations. If you don’t act, your Provisioning integration for Office 365 with Okta might be affected.

• Microsoft will require Multi-Factor Authentication for any administrators signing into the Azure Ecosystem. This change will happen in two phases:

  • Phase 1: Starting Oct 15, enforcement for MFA at sign-in for Azure portal only will roll out gradually to all tenants. This phase will not impact other Azure clients, such as Azure CLI, Azure PowerShell, and IaC tools. 

  • Phase 2: Starting in early 2025, enforcement for MFA at sign-in for Azure Command Line Interface (CLI), Azure PowerShell, and Infrastructure as Code (IaC) tools will gradually roll out to all tenants. There is no definitive date from Microsoft at this point for this phase. 

To take advantage of this upgraded integration, customers using Office 365’s Provisioning must follow the required actions below to migrate their Office 365 App in Okta.

Prerequisites

• An Office 365 application in which provisioning is enabled. 
• An App Administrator role in Okta to migrate the Office 365 Provisioning applications. 
• A Microsoft Global administrator credential with MFA enabled to update the Provisioning in Okta.

Solution

Update Office 365 applications with Provisioning enabled to support Microsoft Graph

1. In the Admin Console, go to Applications > Applications.

2. Select the Office 365 application, which has provisioning enabled. 

3. Click the Provisioning and click on the Integration tab. 

4. Click on Edit 

   • If you see the “Authenticate with Microsoft Office 365” button, click on it to provide consent and click Save. 

   • If you see the “Reauthenticate with Microsoft Office 365” button, then click Save. 

Contact Okta support

For any issues related to migration, contact Okta Support.

Related References

• Update Office 365 App Instance to Support Microsoft Graph
• Update Office 365 Single Sign-on Applications with Automatic Configuration to Support Microsoft Graph
• Frequently Asked Questions about Mandatory MFA Requirements for Microsoft Applications