
r2wib (r2wib) asked a question.
Hi Community Users,
We are trying to integrate Office 365 WS-Fed with OKTA and are facing a weird issue - the portal is throwing 'Invalid Credentials', however the credentials are valid and we are able to log in to Office365 with the same credentials. Below are the error messages, please revert to this discussion if anyone has already faced such an issue...
----------
- Could not validate your Office 365 credentials, received error: Invalid Credentials.
- Could not communicate with Office 365 to validate your credentials, received error: 400 Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application.
-----------

This is a very common issue with Office 365 integration. The cause of this issue can be -
The Global Administrator account that is configured to handle provisioning for the O365 application in Okta has MFA enabled within O365. Okta is unable to process or bypass the MFA challenges, which results in failed provisioning tasks.
or
API credentials provided in Okta for provisioning are no longer valid.
Check whether the user is Global Admin.
https://support.okta.com/help/s/article/Office-365-Provisioning-400-Authentication-Error
https://support.okta.com/help/s/question/0D50Z00008C3ja4SAB/i-see-this-message-for-most-of-the-team-and-i-want-to-fix-itautomatic-provisioning-of-user-to-app-microsoft-office-365-failed-could-not-validate-your-office-365-credentials-received-error-403-invalid-credentials
Thanks for the response Saurabh.
We have verified all the prerequisites and tried in various browsers, a couple of users, cleared cache and all the basic stuff, O365 has a verified domain, the accounts have 'Global Admin' roles assigned to them, MFA is disabled, still it's the same issue. The two error messages listed above are for two different users. I'm thinking if there is anything to be done at O365 end (if any).
We had the same issue in our new test environment.
Please check if in Office/Azure AD "Security defaults" are enabled. Since October 22nd, 2019 Microsoft enabled this by default for new tenants, ensuring "new secure-by-default behavior". For details see https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults. You can find the "Security defaults" in the Azure AD admin center under Properties.
Thanks there,
Yes you are right, the error caused is due to the 'Default Settings'. We had a call with Microsoft and got the info from them. We are good now.
However, Okta should document this OR add it to the checklist for configuring O365 integration, as this is going to cause an issue for all new tenants. We could have saved at least a week's time just to figure this out.
I totally agree with you that Okta should add this to their documentation. That would have saved us a lot of time too.