<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Update Office 365 Single Sign-on Applications to Support SHA 256 Algorithm
Aug 6, 2025
Okta Identity Engine
SSO
Overview

Okta is committed to delivering the highest level of security for its customers. To reinforce this commitment, Okta is upgrading its Office 365 Single Sign-on integration to use the SHA-256 algorithm for signing authentication tokens. This change aligns with NIST’s recommendations for robust cryptographic practices and supports the gradual deprecation of older, less secure algorithms. By employing a 256-bit hash, SHA-256 significantly reduces the risk of collision and preimage attacks compared to SHA-128, thereby enhancing overall system security.

 

To take advantage of this upgraded integration, customers using Office 365’s Single Sign-on must follow the required actions below to migrate their Office 365 App in Okta.

Applies To
  • Office 365 application with Single Sign-on (SSO) enabled 
  • Office 365 SSO applications migrated to Microsoft Graph
  • SHA-256 algorithm
Solution

Prerequisites

 

For WSFed Automatic Configuration

  1. In the Admin Console, go to Applications > Applications.
  2. Select the Office 365 application, which has WS-Fed Automatic enabled. 
  3. Click the Sign-on tab. 
  4. Click on Edit, scroll down to the bottom, and click Save

 

For WSFed Manual with PowerShell Configuration

  1. In the Admin Console, go to Applications > Applications.
  2. Select the Office 365 application, which has WSFed Manual with PowerShell configuration enabled. 
  3. Click on the View Setup Instructions, and a new page will open with instructions. 
  4. On that instruction page, scroll down to the If your domain is already federated, enter the following section and copy the command to run it in PowerShell. 
  5. Once it is completed, return to the Office 365 application’s Sign On tab and click the Update Now button. 

Sign On tab

  1. Check the box and click the Update Now button. 

Update Now button

 

Contact Okta support

For any issues related to migration, contact Okta support.

Recommended content

Still looking for help?
Loading
Update Office 365 Single Sign-on Applications to Support SHA 256 Algorithm