0D50Z00008C3jpxSAB | Okta Classic Engine | Okta Integration Network | Answered | 2024-06-01T09:06:25.000Z | 2016-01-13T17:24:28.000Z | 2018-04-14T00:47:02.000Z
Azure AD Connect vs Okta provisioning for Office 365
I know that there have been ongoing changes to the provisioning capabilities of Okta with Office 365. At this point in time, are there any limitations that still exist with using Okta for provisioning with Office 365 that do not exist when using Azure AD Connect?

 

I'm not sure if it changes the answer, but we are currently using an Office 365 Hybrid deployment.

  • j5v7c (j5v7c)

    Hi Peter,

     

    Thanks for the great question.

     

    We recently started an EA program that enhances Okta's provisioning capabilities for Office 365 by significantly extending the number of attributes (up to 140+) and adding support for Contacts, DL's and some other Exchange specific objects. For many customers, these enhancements provide enough fidelity to match and overtake AzureAD Connect (formerly DirSync) in terms of functionality.

     

    Exchange Hybrid configurations (specifically) are not yet supported through Okta provisioning, however this is something we are working hard to address. There are some gaps today in our handling of proprietary Exchange data when involved in a hybrid configuration, this also involves writing proprietary attributes back to on-premises.

     

    I'd love to hear a little more about your Hybrid configuration though if you're happy to share. 
    • Is this a permanent configuration for your Exchange organization or are you currently in a migration state?
    • If your Exchange Organization will remain in Hybrid permanently, what use case has made that a requirement?
     Cheers

    Marc
  • Peter McCarthy (Customer)

    Marc,

     

    I'm not familiar with the specifics, but I was told that we require on-prem mailboxes for our phone system. I'm going to see if I can get more specific information.

     

    Out of curiosity, do you know why the writeback to on-prem is necessary? Does it have something to do with breaking the syncing of attributes, or is there something outside of the Office 365 environment that needs those attributes to be in AD?
  • j5v7c (j5v7c)

    Thanks for digging in on the specifics Peter,

     

    If you scroll to the bottom of https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-attributes-synchronized/ Microsoft list the reasons they need some specific attributes written back. In particular, things like ProxyAddresses when you have a mix of on-prem and online mailboxes is really quite important. 

     

    Without fully supporting some of this functionality, we run the risk that certain routine functions that happen with mail routing, mailbox moves and other Exchange related features might not work as expected.
  • ytbmz (ytbmz)

    I am interested in knowing if the hybrid issues have been worked out yet by OKTA
  • 8eql5 (8eql5)

    In a non-hybrid, Okta is a bit of a hassle and not very reliable. Attribute syncs like ProxyAddress that worked one time stopped working for no apparent reason and for weeks no solution/clue from support on how to solve it. I'd recommend to closely compare it to AD connect. If this keeps going, we might look into going back to AD connect. Also ADAL only works with AD connect and not with Okta or other providers, if that is important for you.
  • GrahamC.30195 (Customer)

    The way we have it set up (3000 employee company) is using AAD connect for writing users and attributes to Azure (which writes to office) then we have Okta do all the license provisioning. This is where Okta REALLY shines in my opinion. Okta's abilities for license assignment are LIGHTYEARS ahead of Azure. I love that I can set a group and the license set I want them to have and it's done, unlike Azure that cannot even see subgroups, everything has to be flat groups for Azure automations. Also, don't even try to use OUs for rules in Azure, it cannot see those either.
This question is closed.