Okta Classic Engine | Okta Integration Network | Answered | 2024-03-25T20:01:43.000Z | 2018-11-20T04:07:02.000Z | 2018-11-21T04:58:49.000Z

9032d (9032d) asked a question.

Office 365 and OKTA

Hi Experts and Community members,

I really really need your help.

Company A (United States) is using global Office 365, syncs its own AD users to Office 365 (tenant A) via OKTA and is using OKTA SSO.

Company B (United States) is using global Office 365, syncs its own AD users to Office 365 (tenant B) via OKTA and is using OKTA SSO.

We have a customer (Company C) that purchased global Office 365 (tenant C) in Hong Kong and acquired these two companies, A and B. Now they want to migrate both tenant A's and tenant B's data to tenant C and not use tenant A and B any more.

 

As we know, before migrating the data, we need to create users in tenant C first for the users in tenant A and B. How can I create the users now? Should I break the syncing of Company A and B's AD users to Office 365, then sync these AD users to tenant C? But this way, during migration, it will break the OKTA SSO authentication for Company A and B.

 

What can I do now? Any help is appreciated!

Sky

 


  • Thank you for posting on our Community page.

     

    Since there are 3 different Office domains, it should work smoothly enough. The only thing that you need to do is to disable Provisioning for domains A and B, turn on Provisioning for domain C and assign the users to this one. The users are going to be automatically created and have access to Office.

     

    As for SSO, that should also not be a problem, as there again are 3 different AD and Office domains and all of them should be set as different Office applications in Okta (so you can just set up WS-Fed for domain C before starting to migrate the users).

     

    Now, there are a couple of things that I see as problematic:

    • Since there are 3 different AD domains (and 3 Office domains), after the migration (from A and B to C), the users will have different UPN suffixes (due to the domain change);
    • Attention should be paid to the users' inboxes, as they will lose them, also due to the domain change;
    • Just in case Provisioning is not enabled, you can just create a 3rd Office app in Okta, set up SSO and assign it to users prior to unlinking them from the other 2 Office apps.

     

    If you'd like us to take a closer look at your configuration and help you make this migration, please don't hesitate to open a Support case.

     

    Thank you,

     

    Paul Auer

    Technical Support Engineer | Okta

  • 9032d (9032d)

    Hi Paul,

    Many thanks for your answers and help.

    Sorry, my English is really poor. I will use some pictures to show my meaning:

    This is the current structure

    https://1drv.ms/u/s!AkUdhxRe-G-6jB7Ds6ZqW-_5ATXK (a sharing link, as I can't find a way to paste a picture here...)

    description:

    1. Three separate companies (1, 2, 3) have their own AD (1, 2, 3), their own Office 365 (1, 2, 3), their own custom domain (domain1.com, domain2.com, domain3.com), and they all use OKTA to sync their AD users to Office 365, and the OKTA SSO solution.

    2. Now company 3 has purchased company 1 and company 2, and wants to migrate both company 1's and company 2's Office 365 domain, users and data to Office 365 tenant 3; they don't use tenant 1 and tenant 2 any more.

    This is what I want to achieve:

    https://1drv.ms/u/s!AkUdhxRe-G-6jB2bm5bhNPFa1lV5

    description:

    The picture here is what I want to achieve.

     

    I think when I do the Office 365 migration (I am just talking about the users part, not the domain and data part, here), I need to break the OKTA sync for (users in AD1 -> Office 365 tenant 1, users in AD2 -> Office 365 tenant 2), then resync users in AD1 -> Office 365 tenant 3, users in AD2 -> Office 365 tenant 3? But if I break the sync first (users in AD1 -> Office 365 tenant 1, users in AD2 -> Office 365 tenant 2), I suppose users in Office 365 tenant 1 and tenant 2 may not be able to use OKTA SSO, is that right? If yes, I believe the customer will not accept it. So is this the only way, or do we have other methods to achieve this goal?

     

    I am new to Okta, please forgive me if my question is stupid. If possible, please help list the correct steps.

     

    Thanks again.

    Sky Pei

This question is closed.