
JessicaL.72636 (Whatcom Community College) asked a question.
We just migrated over more mailboxes to M365 and none of these new users can log in to M365 via the desktop application. So far we’ve tried:
· unassigning and reassigning the affected users
· setting the type as Group and Individual
· recreating the app integration
· allowing signon from Exchange ActiveSync/Legacy Auth
Additional information
· I can see the users are putting in the correct credentials and I see success on all MFA prompts in the Okta logs
· I see the successful authentication in the Microsoft logs as well
· Users can log in via mobile app successfully
· Users can log in via a web browser successfully
· The error message end users have reported is "Sorry, you can't access Microsoft Office 365 because you are not assigned this app in Okta"
· Users who had their mailboxes migrated before Wednesday had no problem with this and have not experienced any issues since.
Why would Okta allow someone to log in via the Outlook desktop app but then deny them access to the app even though it is assigned?

Yes! Okta support was able to check the logs and noticed that the users were trying to connect to an old integration that we had created for testing. I looked at our M365 tenant to see that our old domain we used for testing was still federated. Once I set it back to managed (Set-MsolDomainAuthentication -Authentication Managed -DomainName <insert test domain here>), everything worked as expected.
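
The fix above came down to a forgotten federated domain in the tenant. As an added example (not part of the original post), this read-only PowerShell audit lists every domain in the tenant and flags any that is federated to an issuer other than the one you expect. It assumes the same MSOnline module used in the answer; `$ExpectedIssuerUri` is a placeholder parameter that you fill in with the issuer value from your production Okta Office 365 integration.

```powershell
# Added example: read-only audit of domain federation in an M365 tenant.
# Assumption: $ExpectedIssuerUri is supplied by you (placeholder, not a value from the post).
param(
    [Parameter(Mandatory)]
    [string] $ExpectedIssuerUri
)

Import-Module MSOnline
Connect-MsolService   # interactive sign-in as a tenant administrator

$report = foreach ($domain in Get-MsolDomain) {
    $row = [ordered]@{
        Domain          = $domain.Name
        Authentication  = $domain.Authentication
        IssuerUri       = $null
        PassiveLogOnUri = $null
        Finding         = 'OK (managed)'
    }

    if ($domain.Authentication -eq 'Federated') {
        try {
            # Federation settings show which IdP this domain redirects sign-ins to.
            $fed = Get-MsolDomainFederationSettings -DomainName $domain.Name -ErrorAction Stop
            $row.IssuerUri       = $fed.IssuerUri
            $row.PassiveLogOnUri = $fed.PassiveLogOnUri
            $row.Finding = if ($fed.IssuerUri -eq $ExpectedIssuerUri) {
                'OK (expected issuer)'
            } else {
                'REVIEW: federated to an unexpected issuer'
            }
        } catch {
            $row.Finding = "REVIEW: could not read federation settings ($($_.Exception.Message))"
        }
    }

    [pscustomobject]$row
}

# Domains needing review sort to the top.
$report | Sort-Object { $_.Finding -notlike 'REVIEW*' }, Domain | Format-Table -AutoSize -Wrap
```

The script changes nothing; any domain marked REVIEW is a candidate for the `Set-MsolDomainAuthentication -Authentication Managed` step described in the answer, once you have confirmed that no users still depend on it.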