
LucasS.15063 (Customer) asked a question.
Has anyone been able to assign O365 multi geo licenses via Okta?
O365 utilizes the "preferredDataLocation" attribute to correlate what geo license to assign, if I'm not mistaken. We are AD mastered, so in AD we have the attribute field "msDS-preferredDataLocation", which I mapped to an Okta attribute I created named "preferredDataLocation". My issue is that when I try to map the Okta "preferredDataLocation" attribute, there is not an O365 "preferredDataLocation" available. My understanding is that field is not enabled by default in AAD. So is there a way to enable it to be seen by Okta, or am I going about this the wrong way?

My name is Catalin,
Thank you for reaching out to Okta Support,
The PreferredDataLocation is not available in the attribute schema as confirmed in the following articles:
https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-schema
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-sync-attributes-synchronized
I've further investigated our archive and it seems a possible solution would be to use the Okta Workflows with the Graph APIs where you can pull the preferredDataLocation property.
https://docs.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0
https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/multigeo-userprofileexperience
However, checking some internal cases, I see that there may be a limitation on Microsoft's end if users are mastered on-premises:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-preferreddatalocation#azure-ad-connect-support-for-synchronization
If Workflow is not an option, I would recommend submitting a feature request to our Okta Ideas portal: https://support.okta.com/help/s/ideas and hopefully, we can have this functionality implemented and easier to integrate into a future Okta Update.
Catalin,
We did some research into this and it appears that Microsoft has updated the AD Connect docs to indicate that you can synchronize the preferredDataLocation attribute now. We tried updating it via the Graph API call but it does not allow this because the user is synced.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-preferreddatalocation
After many inquiries to Okta and much research, apparently Okta doesn't support the schema for mapping preferredDataLocation. I think you can map it via Workflows, but only if you are not using Directory sync (because M365 will not allow manipulation of user accounts if they are on-prem directory synced). I think the other way would be to use AAD Connect concurrently with Okta, but I haven't tested this yet.
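
As an added illustration of the limitation discussed in this thread (not code from Okta, Microsoft or any of the posters): a Python example that decides, per user, whether preferredDataLocation can be written through Microsoft Graph or has to be set in on-premises AD. It relies on the Graph user properties `onPremisesSyncEnabled` and `preferredDataLocation`; the function name, the sample users and the "EUR" value are constructed for the example.

```python
import json

GRAPH = "https://graph.microsoft.com/v1.0"
# Fields to request with GET {GRAPH}/users/{id}?$select=... before deciding.
SELECT = "id,userPrincipalName,onPremisesSyncEnabled,preferredDataLocation"
AD_ATTRIBUTE = "msDS-preferredDataLocation"  # on-premises source attribute


def plan_pdl_update(user, desired_geo):
    """Return where preferredDataLocation must be written for one user.

    `user` is the parsed JSON of a Graph user object holding the SELECT fields.
    """
    upn = user["userPrincipalName"]
    if user.get("preferredDataLocation") == desired_geo:
        return {"action": "noop", "user": upn}
    if user.get("onPremisesSyncEnabled"):
        # Directory-synced account: the cloud copy is not writable here, so
        # the value has to be set in AD and flow up through directory sync.
        return {"action": "set_in_ad", "user": upn,
                "attribute": AD_ATTRIBUTE, "value": desired_geo}
    # Cloud-only account (onPremisesSyncEnabled is null or false).
    return {"action": "graph_patch", "user": upn,
            "method": "PATCH", "url": f"{GRAPH}/users/{user['id']}",
            "body": json.dumps({"preferredDataLocation": desired_geo})}


# Constructed sample users; ids, names and the "EUR" geo are illustrative.
SAMPLE_USERS = [
    {"id": "id-0001", "userPrincipalName": "cloud.only@example.com",
     "onPremisesSyncEnabled": None, "preferredDataLocation": None},
    {"id": "id-0002", "userPrincipalName": "ad.synced@example.com",
     "onPremisesSyncEnabled": True, "preferredDataLocation": None},
    {"id": "id-0003", "userPrincipalName": "already.set@example.com",
     "onPremisesSyncEnabled": True, "preferredDataLocation": "EUR"},
]

if __name__ == "__main__":
    for u in SAMPLE_USERS:
        print(plan_pdl_update(u, "EUR"))
```

Checking `onPremisesSyncEnabled` before writing keeps a provisioning flow from repeatedly attempting a Graph update that will be refused for synced accounts.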