Okta Classic Engine | Okta Integration Network | Answered | 2024-04-30T09:18:25.000Z | 2016-02-04T17:44:45.000Z | 2019-05-09T14:18:06.000Z
Impact of enabling Okta Federation with o365
We are planning an o365 migration.  I have reviewed the steps for enabling federation between o365 and Okta. Before I run through this process I want to make sure I understand if there are any impacts to our production systems. I don’t see any potential issues, but want to be sure in case I’m missing something. Thanks!

 

Our current setup...

 

-On-prem Exchange

-Leverage Okta for various apps

-Identities will sync to Azure via AADConnect. Currently filtered on AD group for pilot testing.

  • j5v7c (j5v7c)

    Hi Todd,

     

    Thanks for posting in the community. Enabling SSO with Office 365 does a couple of things: 
    • Modifies the settings of your verified Office 365 domain to point to your Okta Tenant (or overwrites the Federation Settings if they are already configured)
    • Changes the behaviour of the Office 365 login page to redirect you to the configured IDP when the email suffix matches that of a Federated domain
     There's also a couple of things to be aware of: 
    • Ensure that a non-federated (ideally the onmicrosoft.com) domain is set as the default domain ahead of time (federated domains cannot be default and will give an error)
    • Ensure that the account you are using for AADConnect and your admin account are using a non-federated domain (also, ideally onmicrosoft.com)
     In regards to on-premises impact, we would not expect anything to change at all. Commonly, customers ask about mail flow and DNS impact, however neither of these will be modified as a result of setting the domain as federated. 

     

    The Set-MSOLDomainAuthentication cmdlet in PowerShell (https://msdn.microsoft.com/en-us/library/dn194112.aspx) can also be used to revert the domain to Managed rather than Authenticated if you did want to test toggling Federation settings.

     

    Regards

    Marc
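The pre-federation checks from the answer above (default domain, admin and AADConnect account suffixes), as an added example that is not part of the original thread and not Okta or Microsoft code. `Test-FederationReadiness` is a hypothetical helper, and the domain and account values are constructed; it assumes domain objects shaped like the output of `Get-MsolDomain` from the MSOnline module.

```powershell
# Hypothetical helper (added example): report conditions that would block or
# complicate federating $TargetDomain, based on the two checks in the answer.
function Test-FederationReadiness {
    param(
        [Parameter(Mandatory)] [string]   $TargetDomain,   # domain about to be federated
        [Parameter(Mandatory)] [object[]] $Domains,        # objects with Name, Authentication, IsDefault
        [Parameter(Mandatory)] [string[]] $PrivilegedUpns  # admin and AADConnect sync account UPNs
    )

    $target = $Domains | Where-Object Name -eq $TargetDomain
    if (-not $target) { "BLOCK: $TargetDomain is not a domain in this tenant"; return }

    # Federated domains cannot be the default domain.
    if ($target.IsDefault) {
        "BLOCK: $TargetDomain is the default domain; set a non-federated domain as default first"
    }
    # Enabling federation overwrites settings that are already configured.
    if ($target.Authentication -eq 'Federated') {
        "WARN: $TargetDomain is already federated; existing federation settings will be overwritten"
    }
    # There should be a managed domain to fall back on, ideally onmicrosoft.com.
    $managed = $Domains | Where-Object { $_.Authentication -eq 'Managed' -and $_.Name -ne $TargetDomain }
    if (-not ($managed | Where-Object { $_.Name -like '*.onmicrosoft.com' })) {
        "WARN: no managed onmicrosoft.com domain available for admin and sync accounts"
    }
    # Admin and sync accounts on the target domain would be redirected to the IdP.
    foreach ($upn in $PrivilegedUpns) {
        if (($upn -split '@')[-1] -eq $TargetDomain) {
            "BLOCK: $upn signs in with $TargetDomain; move it to a non-federated domain"
        }
    }
}

# Constructed sample data so the check runs without a tenant connection.
$sampleDomains = @(
    [pscustomobject]@{ Name = 'example.com';             Authentication = 'Managed'; IsDefault = $true  }
    [pscustomobject]@{ Name = 'example.onmicrosoft.com'; Authentication = 'Managed'; IsDefault = $false }
)
$sampleUpns = 'admin@example.onmicrosoft.com', 'svc-aadconnect@example.com'

Test-FederationReadiness -TargetDomain 'example.com' -Domains $sampleDomains -PrivilegedUpns $sampleUpns

# Against a live tenant (after Connect-MsolService), pass -Domains (Get-MsolDomain) instead.
# The revert mentioned in the answer:
#   Set-MsolDomainAuthentication -DomainName example.com -Authentication Managed
```

With the constructed data this reports two blocking findings: `example.com` is still the default domain, and the sync account's UPN is on the domain being federated.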
  • y1npn (y1npn)

    We have only Office 365 and Azure AD - We do not have any on prem Windows Server environment. If we turn on federation, the desktop logins will fail. Is there a way to set up Okta so that password changes are pushed to Office 365, but there is NOT true SSO to Office 365? Alternately- we need to be able to have Okta use Office 365/Azure AD as the directory.
  • ikwub (ikwub)

    Hi Dan, I am in a similar situation and I was wondering what you wound up doing?

This question is closed.