KevinB.32647 (Contraload NV) asked a question.
Does the okta SSO use any kind of (background) caching?
One of our new users can't login to their office applications installed on their windows machine. He can't access it with Chrome but he can access portal.office.com via MS Edge. We suspect that this has something to do with the OKTA provisioning.
The users who are having the issue had double 0365 accounts due to the AAD sync being broken for these users. We deleted the second one and coupled them manually by changing the O365 ImmuteableID equal as on the AD.
My guess is that okta is still trying to connect to the second deleted account which generates this error. How should we proceed in order to regain access for these users?
My name is Vasi from Okta Support and I'll be handling your case.
Your case will need further verification before we can advise on a troubleshooting.
It can relate to browser or to sync between AD and Office.
We do recommend you open a support ticket.
Generally speaking the recommended method for coupling an AD identity with an on-premises identity in Okta is to import the users from 365 into Okta and match them with their Okta counterparts, ignoring outliers as necessary.
That said, I have no background on your specific issue, plus login does actually work, just in a specific browser which is odd. I'm unsure if it will fix your particular issue, but at least now you know for the future what the recommended practice is.
err, correction: "Generally speaking the recommended method for coupling an AD identity with an okta identity..."