
5c295 (5c295) asked a question.
We federated O365 with Okta a few months ago. Since then the majority of users are getting invalid_credential logs and eventually locked out with no interaction on their end. We are fully running AzureAD (not a hybrid environment). All Outlook clients are using Modern Authentication. I have been banging my head on possible solutions and have found none. Okta support provided little help on this and our third-party implementation team could not figure it out. I have tried removing Windows stored credentials in credential amongst other things. Any ideas or anyone have a similar issue?
- UserAgent
  - Browser UNKNOWN
  - OS Windows
  - RawUserAgent Windows-AzureAD-Authentication-Provider/1.0
- DebugData
  - RequestId
  - RequestUri /app/office365/{key}/sso/wsfed/username13
  - ThreatSuspected false
  - Url /app/office365/{key}/sso/wsfed/username13?
- LegacyEventType core.user_auth.login_failed

Hello @5c295 (5c295),
I would recommend using the full email address as far as login goes.
In the log snippet, if you see rich client authentication failure, it's usually caused by stored credentials (wrong credentials) on the PC itself. If it is a Windows machine, then you will need to check the Credentials Manager from Windows and delete the O365 accounts that are stored there.
If this is a Mac device causing the issue, then you will need to check the Keychain for any stored credentials.
Other than this, I wouldn't find myself in such a scenario unless the password is indeed typed in incorrectly.
If the above didn't help, I would recommend opening a support ticket with us for further analysis of the logs.
Regards,
Natalia
Okta Inc.
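To find which device or client keeps resubmitting a stale password, the failed-login events can be grouped per user and user agent, with the source IPs and the time span of the failures. This is an added example, not part of the original thread or Okta's tooling; the JSON nesting of the fields, the sample events, the `KEY` placeholder and the function names are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real logs). The JSON nesting is an assumption
# modeled on the field names shown in the question's log snippet.
def _ev(ts, etype, user, ip, ua, uri):
    return json.dumps({"published": ts, "legacyEventType": etype,
                       "actor": {"alternateId": user},
                       "client": {"ipAddress": ip, "userAgent": {"rawUserAgent": ua}},
                       "debugContext": {"debugData": {"requestUri": uri}}})

WSFED = "/app/office365/KEY/sso/wsfed/username"  # KEY is a placeholder
FAIL, OK = "core.user_auth.login_failed", "core.user_auth.login_success"
AAD_UA = "Windows-AzureAD-Authentication-Provider/1.0"
SAMPLE = "\n".join([
    _ev("2024-01-08T09:00:05Z", FAIL, "alice@example.com", "203.0.113.10", AAD_UA, WSFED),
    _ev("2024-01-08T09:30:05Z", FAIL, "alice@example.com", "203.0.113.10", AAD_UA, WSFED),
    _ev("2024-01-08T10:00:05Z", FAIL, "alice@example.com", "203.0.113.10", AAD_UA, WSFED),
    _ev("2024-01-08T09:12:40Z", FAIL, "bob@example.com", "198.51.100.7", "Mozilla/5.0", "/api/v1/authn"),
    _ev("2024-01-08T09:13:02Z", OK, "bob@example.com", "198.51.100.7", "Mozilla/5.0", "/api/v1/authn"),
])

def failed_login_sources(jsonl):
    """Group failed logins by (user, raw user agent), most failures first."""
    groups = defaultdict(lambda: {"n": 0, "ips": set(), "times": [], "rich": False})
    for line in filter(str.strip, jsonl.splitlines()):
        ev = json.loads(line)
        if ev.get("legacyEventType") != FAIL:
            continue  # only the failure type seen in the post
        client = ev.get("client", {})
        ua = client.get("userAgent", {}).get("rawUserAgent", "")
        uri = ev.get("debugContext", {}).get("debugData", {}).get("requestUri", "")
        g = groups[(ev.get("actor", {}).get("alternateId", "?"), ua)]
        g["n"] += 1
        g["ips"].add(client.get("ipAddress", "?"))
        g["times"].append(datetime.fromisoformat(ev["published"].replace("Z", "+00:00")))
        # WS-Fed username endpoint: the password was sent by a client, not typed in a browser
        g["rich"] |= "/sso/wsfed/username" in uri
    report = [{"user": u, "user_agent": ua, "failures": g["n"], "ips": sorted(g["ips"]),
               "rich_client": g["rich"],
               "span_seconds": (max(g["times"]) - min(g["times"])).total_seconds()}
              for (u, ua), g in groups.items()]
    return sorted(report, key=lambda r: -r["failures"])

if __name__ == "__main__":
    for row in failed_login_sources(SAMPLE):
        print(row)
```

Repeated failures for one user from a single IP and the same non-browser user agent at regular intervals point at one machine holding a stored credential, which is where the Credential Manager or Keychain cleanup applies.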