<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7VT5SANOkta Classic EngineOkta Integration NetworkAnswered2024-04-30T09:18:25.000Z2017-09-21T08:01:12.000Z2017-11-06T19:54:38.000Z

7zr3q (7zr3q) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:20 AM
How does the password flow takes place from O365?
We are in the process of integrating O365 with our Okta org and we have a query on this. First let me explain our scenario. We have on-premise AD integrated with Okta through AD agents and AD mastered users are created in Okta. We want our existing ADFS based authentication for O365 to be replaced by Okta.

Now since we have AD mastered users so the passwords will be managed by AD, so if for any user password is changed in AD will it be synced to O365. Suppose a user is using Outlook client then in that case when will the user be prompted for a new password?

In case the user do not enter new password will his account get locked in Okta?

 

We are in confusion on the usage of Outlook mobile app as well bevause our users use that too how will the authentication take place in that?

 

Please reply as early as possible, it will be very helpful as it is quite urgent for us
  • 1 answer
  • 1.24K views

  • j5v7c (j5v7c)

    Wow, there are a lot of questions here, lets start...

     

    As part of your Okta to Office 365 configuration, if you are using Okta to provision user's to Office 365 you can select the ability to synch the user's password to be the same as Office 365.

    0EM2A000000Drhh

     

    Second thing. If using the modern rich client the user will be automatically challenged to re-validate their password by Office 365 the next time they fire up the client. The checking of it will be via O365, but performed by Okta, and if correct the revised password will then be cached locally with the rich client.

     

    The user would need to answer to change the password and should not lock themseleves out (assuming they know the new password). As a point of interest there is a capability to perform a soft lock to Okta accounts before you lock out AD mastered user accounts that might be useful as well. There's some useful information here https://support.okta.com/help/Documentation/Knowledge_Article/Authentication-1407894845 and search down to  Configure lockout settings where it describes the capability.

     

    If you are using Okta Mobile to access the Office 365 tenant, Okta will make use of the embeded browser and perform a federated authentication to Office 365. So the only thing the user needs to do is select Okta Mobile and authenticate to the application with their pin, and select O365.

     

    If its the Microsoft Outlook mobile app, it has a built in browser and will prompt the user for their username/email address, and then trigger a federated authentication flow with Office 365 via Okta, so they will use their AD username and Password.

     

    Hope that all helps.
    Expand Post
This question is closed.
Loading
How does the password flow takes place from O365?