
KevinB.32647 (Contraload NV) asked a question.
We are having recurring issues with the synchronization of AD and O365.
Currently our setup is as follows:
OKTA is master and AD and O365 are slaves. When a user is created in OKTA, it will push this to AD, and AD will create the necessary accounts provisioned through OKTA. The issue we are experiencing is that this sync between accounts often gets broken. We get the message that the immutable ID cannot be found, but if we look at the mapping in OKTA we can see the correct ID. Nevertheless, the user cannot access their mailbox because it is not found.
Please advise on how to regain access for these accounts.
Steps we undertook:
Delete profile in OKTA
Disable account in AD
Enable account in AD
Full import in OKTA
Create new profile from import
Provision via OKTA

For this issue, go to Directory, and then Directory integrations.
Check and make sure that your Active Directory agent is the latest version.
If you have the latest version of the AD agent, then you should open a ticket with our support team so that someone can take a closer look at your configuration.
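Before opening a ticket, it helps to pin down which side of the link in the question above is wrong: the value AD implies for the user, or the value Microsoft 365 currently holds. The following read-only check is an added example, not code from the original thread or from Okta; it assumes the ActiveDirectory and Microsoft.Graph.Users modules are installed and that the ImmutableId is the Base64 encoding of the AD objectGUID (the convention used by on-premises directory sync; confirm it matches the mapping shown in your Okta tenant).

```powershell
# Added diagnostic: compare the ImmutableId that AD implies for a user with the
# value stored on the matching Microsoft 365 account. Read-only; changes nothing.
# Assumption: ImmutableId = Base64(objectGUID bytes). Verify against your Okta mapping.
param(
    [Parameter(Mandatory = $true)][string]$UserPrincipalName
)

Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users

function Get-ExpectedImmutableId {
    param([guid]$ObjectGuid)
    # The 16 raw GUID bytes, Base64-encoded (22 characters plus "==" padding).
    return [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

# 1. What on-premises AD implies for this user.
$adUser = Get-ADUser -Filter "UserPrincipalName -eq '$UserPrincipalName'"
if (-not $adUser) { throw "No AD user found with UPN '$UserPrincipalName'" }
$expected = Get-ExpectedImmutableId -ObjectGuid $adUser.ObjectGUID

# 2. What Microsoft 365 currently holds (User.Read.All is a read-only scope).
Connect-MgGraph -Scopes 'User.Read.All'
$cloudUser = Get-MgUser -UserId $UserPrincipalName -Property Id,UserPrincipalName,OnPremisesImmutableId
$actual = $cloudUser.OnPremisesImmutableId

# 3. Interpret the result:
#    - empty CloudImmutableId: the cloud account is not linked to any AD object
#    - different value:        it is linked to another (possibly deleted or recreated) AD object
#    - equal:                  the link itself is fine; look elsewhere (agent, mapping, licence)
[pscustomobject]@{
    UPN                 = $UserPrincipalName
    AD_ObjectGUID       = $adUser.ObjectGUID
    ExpectedImmutableId = $expected
    CloudImmutableId    = $actual
    Match               = ($expected -eq $actual)
}
```

Deleting and recreating the AD or Okta profile, as in the steps listed in the question, produces a new objectGUID and therefore a new expected value, which is why a cloud account linked to the old one stops matching.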