Okta Classic Engine | Administration | Answered | 2021-12-01T18:04:04.000Z | 2021-11-30T23:27:32.000Z | 2021-12-01T18:04:03.000Z

DrewD.47545 (Customer) asked a question.

Okta password sync to 365 not syncing?

Hi,

We connected 365 to Okta and did not initially select "Password Sync" in provisioning, but later on we decided we want the Okta passwords to sync to 365. It does not seem to be working now that we have selected it after the initial 365 integration. Should it sync passwords no matter when you select that option? FYI, all users are native Okta users and are not imported via any other directory.

 

The use case is that after integrating Okta with 365 we found out that there is an AD connector between 365/Azure and an AWS service. Existing users in 365 (pre-Okta integration) can still use that service (authenticate via Azure) but users created after Okta/365 integration and provisioned into 365 by Okta do not. No password sync to 365?

 

thanks,

andrew


  • Hello @DrewD.47545 (Customer)​,

     

    In this scenario you may want to check things like the Immutable ID and the current mapping.

     

    1) The immutable ID:

    - You need to check and get the ImmutableID from O365
    - Edit the ImmutableID with the correct one in Okta
    - Review the Proxy Addresses on the profile and set the same ones that exist in Office365.
    - Run the provision task again

     

    2 ) Mapping: Corrupted or hung mapping was keeping the update from pushing the LastPasswordChangeTimestamp attribute from AD/Okta to Office365.

     

    Run a profile tickle on a non-critical attribute mapping from Okta/AD to Office365, e.g. wwwHomePage

     

    • Identify a non-critical attribute mapping from Okta/AD to O365: wwwHomePage
    • Remove the default mapping: hasDirectoryUser()?findDirectoryUser().wWWHomePage:null
    • Save mappings, but DO NOT APPLY.
    • Paste default mapping back into place: hasDirectoryUser()?findDirectoryUser().wWWHomePage:null
    • Save Mappings. Apply.

     

    This triggers a full remapping of all application attributes. *Please note that the LastPasswordChangeTimestamp attribute updates will ONLY push on AD import, once the AD account is modified by the password change.

     

    You can always open a case with Okta Support if you would like further assistance in this setup.

     

    Regards,

     

    Natalia

    Okta Inc.

This question is closed.
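
For step 1 of the answer above, a read-only check that compares the ImmutableID and proxy addresses Office 365 holds for a user against the values on that user's Office 365 app profile in Okta. This is an added example, not code from Okta or from either poster. It assumes the Microsoft Graph PowerShell SDK is installed, `Compare-OktaO365Identity` is a hypothetical helper name, and the Okta-side values and the sample user are constructed and would be copied in by hand.

```powershell
# Added example: read-only comparison of the O365 ImmutableID and proxy addresses
# against the values shown on the user's Office 365 app profile in Okta.
# Compare-OktaO365Identity is a hypothetical helper name (not an Okta or Microsoft cmdlet).
function Compare-OktaO365Identity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [Parameter(Mandatory)] [string] $OktaImmutableId,
        [string[]] $OktaProxyAddresses = @()
    )

    # Microsoft Graph exposes the O365 ImmutableID as onPremisesImmutableId.
    $o365 = Get-MgUser -UserId $UserPrincipalName `
        -Property 'userPrincipalName,onPremisesImmutableId,proxyAddresses'

    # Drop nulls so a user without proxy addresses yields an empty list.
    $o365Proxies = @($o365.ProxyAddresses | Where-Object { $_ })

    # Case-sensitive on purpose: the ImmutableID is base64, and "SMTP:" (primary)
    # differs from "smtp:" (secondary) in a proxy address.
    $onlyInO365 = @($o365Proxies        | Where-Object { $_ -cnotin $OktaProxyAddresses })
    $onlyInOkta = @($OktaProxyAddresses | Where-Object { $_ -cnotin $o365Proxies })

    [pscustomobject]@{
        UserPrincipalName  = $o365.UserPrincipalName
        O365ImmutableId    = $o365.OnPremisesImmutableId
        OktaImmutableId    = $OktaImmutableId
        ImmutableIdMatches = ($o365.OnPremisesImmutableId -ceq $OktaImmutableId)
        ProxyOnlyInO365    = $onlyInO365
        ProxyOnlyInOkta    = $onlyInOkta
    }
}

# Read-only scope is enough; nothing is written to the tenant.
Connect-MgGraph -Scopes 'User.Read.All'

# Constructed sample values; replace with the real user and the values from Okta.
Compare-OktaO365Identity -UserPrincipalName 'jdoe@example.com' `
    -OktaImmutableId 'Q29uc3RydWN0ZWRJZA==' `
    -OktaProxyAddresses 'SMTP:jdoe@example.com'
```

A user with `ImmutableIdMatches` false, or with entries in either proxy list, is one whose Okta profile needs the correction described in step 1 before the provisioning task is run again.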