RobertW.52511 (Customer) asked a question.
Our Office365 is using an Okta Mastered User base (Universal Directory), but we can't sync over Manager Attributes since this requires an AD. We've hit a wall where we can't update AzureAD directly since Azure knows that Okta is mastering the users, and we can't sync the manager attribute.
For anyone who tries to manually update Azure AD using PowerShell to set this attribute as a FYI, you'll hit an error like this:
Set-AzureADUserManager : Error occurred while executing SetUserManager
Code: Request_BadRequest
Message: Unable to update the specified properties for on-premises mastered Directory Sync objects or objects
currently undergoing migration.
Is there some kind of work around where we can enter a GUID or something into a field in Okta and sync that to Office365? Does any one have any experience in this?
@RobertW.52511 (Customer)
The Office 365 "Manager" attribute is a directoryObject attribute, which can only be updated by another directoryObject type of attribute. Okta attributes are not directoryObject types. Office 365 is limited to read Manager as an AD object and Okta only facilitates the exchange from AD to O365.
The requirements are that there is an AD integration with Okta, and there is a value populated in the user's AD profile's Manager attribute, as this is the only solution available at this time due to O365 limitation.