0D50Z00008G7VBrSAN | Okta Classic Engine | Okta Integration Network | Answered | 2024-03-25T23:41:55.000Z | 2017-03-26T05:11:12.000Z | 2017-03-26T05:11:12.000Z
Integration with already federated Office365 domain
Hello,

 

I need some confirmation on my understanding below related to O365 federation with Okta:

 

[1]

If a customer has already set up a federated domain (say example.com.au) on O365 (say, using ADFS), then is it required to "un-federate" the domain before we could set up federation to the same domain via Okta?

 

In my understanding, during SSO configuration, Okta automatically detects that the domain is already federated using some other IdP like ADFS, and executes a different PowerShell cmdlet to set up federation with Okta. In other words, no special steps are needed.

 

Please confirm.

 

[2]

If a customer has already imported users from AD to O-365, i.e. the immutableid for users is already set on O-365, what are the precautions, if any, to be taken before setting up SSO (WS-Fed) with Okta?

How will Okta know about these immutableids?

 

In my understanding, Okta assumes that the immutableid is the Base64 encoding of the user's AD GUID and expects that it will match the immutableid set on the user on O-365. This immutableid is included in the assertion within the WS-Federation protocol.

 

Please confirm.

 

Thanks,

Jatin

  • emanuel.costisor (Okta, Inc.)

    Hi Jatin!

    You are correct on both your assumptions, but allow me to detail a bit.

     

    When you set Okta to configure the federation automatically, it will attempt to federate the domain by using the appropriate tools. If, for any reason, you see that the federation fails, you have the option of doing it manually. First go to the Office 365 app in your Okta org -> Sign On tab -> select "I want to configure WS-Federation myself using PowerShell" and save. Then go to View Setup Instructions (same Sign On tab) and use the appropriate PowerShell cmdlet you find there, whether to federate an already federated domain or a managed domain.

     

    Regarding immutable IDs, Okta does indeed assume that you are using the AD GUID. If, for any reason, you are using a different attribute for the immutable ID, you can leverage the Okta UD (https://help.okta.com/en/prod/Content/Topics/Directory/About_Universal_Directory.htm) to configure the appropriate mappings so that the desired attribute is used.

     

    If you encounter issues with your Office 365 integration, please submit a support ticket and the support team will be able to help you.

     

    Best regards,

    Emanuel
This question is closed.
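A pre-cutover check for the immutableid point discussed in the thread, as an added example that is not part of the original posts and is not Okta's code. It assumes the immutableid is the Base64 encoding of the AD objectGUID in .NET `Guid.ToByteArray()` byte order; the UPNs, GUIDs, status names and function names are constructed for illustration.

```python
import base64
import binascii
import uuid

def guid_to_immutable_id(object_guid):
    # .NET Guid.ToByteArray() stores the first three GUID fields little-endian,
    # which is what uuid.UUID.bytes_le produces.
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")

def immutable_id_to_guid(immutable_id):
    # Returns the GUID string, or None when the value is not a Base64-encoded
    # 16-byte GUID (for example when another attribute was used as the anchor).
    try:
        raw = base64.b64decode(immutable_id, validate=True)
    except (binascii.Error, ValueError):
        return None
    return str(uuid.UUID(bytes_le=raw)) if len(raw) == 16 else None

def audit(ad_users, o365_users):
    # ad_users: {upn: objectGUID}; o365_users: {upn: immutableid}
    report = {}
    for upn, guid in ad_users.items():
        current = o365_users.get(upn)
        if not current:
            report[upn] = "not-set-in-o365"
        elif current == guid_to_immutable_id(guid):
            report[upn] = "match"
        elif immutable_id_to_guid(current) is None:
            report[upn] = "not-a-guid"      # needs an attribute mapping instead
        else:
            report[upn] = "guid-mismatch"   # sign-in would not find this user
    return report

# Constructed sample data standing in for AD and O365 exports.
AD_USERS = {
    "alice@example.com.au": "00112233-4455-6677-8899-aabbccddeeff",
    "bob@example.com.au": "0a1b2c3d-4e5f-6071-8293-a4b5c6d7e8f9",
    "carol@example.com.au": "11111111-2222-3333-4444-555555555555",
    "dave@example.com.au": "99999999-8888-7777-6666-555555555555",
}
O365_USERS = {
    "alice@example.com.au": guid_to_immutable_id(AD_USERS["alice@example.com.au"]),
    # Encoded from big-endian bytes: a common byte-order mistake.
    "bob@example.com.au": base64.b64encode(
        uuid.UUID(AD_USERS["bob@example.com.au"]).bytes).decode("ascii"),
    "carol@example.com.au": "EMP-1001",  # anchor taken from a different attribute
}

if __name__ == "__main__":
    for upn, status in audit(AD_USERS, O365_USERS).items():
        print(f"{upn}: {status}")
```

Any user not reported as `match` should be resolved before switching the domain's federation, either by correcting the stored value or by mapping the attribute actually in use.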