<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7VXRSA3Okta Classic EngineOkta Integration NetworkAnswered2024-04-30T09:18:25.000Z2015-09-23T17:10:48.000Z2018-03-15T17:19:06.000Z

WarrenS.56184 (Customer) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:20 AM
Remove WS-Federation from Office 365 Domain
Hi,

 

We are evaluating Office 365 integration with Okta. I need to be able to easily switch between testing authentication using Okta and directly with Office 365.

 

How would I remove the WS-Federation settings that are detailed in the WS-Federation authentication setup guide? The guide details both Set-MsolDomainAuthentication and Set-MsolDomainFederationSettings commands that I need to know how to reverse either as part of testing or as part of a roll-back.

 

Thanks
  • 11 answers
  • 5.69K views
00u30xzgeKGYSLSVZBK1.4211951255951387E12 likes this.

  • j5v7c (j5v7c)

    Hi Warren To switch off the Okta configured federation you would need to via powershell: Connect-MsolService Using your Office 365 administrative account, and then once connected issue the following command. Set-MsolDomainAuthentication -DomainName <your.domain> -Authentication managed

  • 3tc6v (3tc6v)

    I can't add anymore, Kevin has answered the question perfectly. One of the best features in okta is how easy it is to implement and the fact they give you the command lines to setup federation off the bat.

  • E Christiansen (Customer)

    I am glad this popped up. We are considering doing the same thing.

  • JasonR.75483 (Customer)

    Kevin's command didn't work for me.  Had to switch it around a bit.

    Set-MsolDomainAuthentication -Authentication managed -DomainName <your.domain>

  • j5v7c (j5v7c)

    None of this worked for me, not were Okta support any help either. Im really disapointed with this. They should explain that once you add this, EVERYONE in your org has to use it or they cant log in

  • x795p (x795p)

    As an update to this that I tested yesterday, if you had OKTA automatically set up the Ws-federation originally (where you give it admin credentials) - it will automatically remove the federation from the O365 domain when you switch the app back to SWA. I verified it using the powershell command get-msoldomainfederationsetting.

  • x795p (x795p)

    Also keep in mind, it seems to take some time for the settings to propagate out on 365.

  • j5v7c (j5v7c)

    In the provisioning setting in my test environment I sync the Okta password and I am now doing some testing for a DR plan.

     

    I had assumed that converting the domain authentication to managed would then let users login with their last Okta password but this doesn't seem to be the case in my testing.

     

    Does anyone know if a user's password is synced to Office 365 when using WS-Federation?
    Expand Post

  • ef261 (ef261)

    So if I am reading this right, the following command:

    Set-MsolDomainAuthentication -DomainName <your.domain> -Authentication managed

    will turn off Okta SSO and force users to sign in with their domain creds?
10 of 11
This question is closed.
Loading
Remove WS-Federation from Office 365 Domain