An administrator configuring the Microsoft Office 365 application in Okta notices a new feature in the Provisioning tab labeled User Attributes Only. The administrator needs to understand the purpose of this feature, how it affects Okta-to-O365 password synchronization, and the potential impact of enabling it on the existing environment where Okta currently manages licenses and roles.

• Administrators managing the integration between Okta and Microsoft Office 365
• Okta Identity Engine (OIE)
• Okta Classic Engine
•  Microsoft Office 365 Application Integration
• Okta Integration Network
• This option is visible in the Office 365 app under Provisioning > To App when Create Users or Update User Attributes is enabled

Okta intentionally introduced this feature to give administrators more granular, flexible control over the scope of provisioning for Microsoft Office 365. It allows scenarios where license and role management is handled outside Okta (for example, directly in Azure AD or via other tools), while still using Okta for user identity and attribute management.

What is the User Attributes Only feature?

• It is a provisioning setting that restricts Okta from synchronizing only user attributes (for example, name, department, contact info) to Office 365.
• When enabled, Okta will stop managing Office 365 licenses and roles for users, even if it was previously configured to do so.

Impact of Switching

• Enabling this feature requires managing all user licenses and role assignments in the Microsoft 365 admin center, rather than in Okta. Okta will no longer perform these tasks.
• This is useful for organizations that prefer to manage entitlements natively in Azure AD.

Related Reference

• Okta Production Release Notes (Enhanced provisioning controls for Office 365)
• Provisioning and Deprovisioning for Microsoft Office 365 ("User Attributes Only" section)
• Microsoft Office 365 provisioning types