
TuanT.84884 (Customer) asked a question.
Hello,
After we enabled WS-Federation for Office 365, the rich Outlook (2016) client keeps prompting users for credentials, and no matter what they type in, it won't accept it, regardless of whether or not they're signed into the Okta dashboard. Has anyone experienced a similar issue, and what was the fix? For troubleshooting purposes, we deleted the existing Outlook profile and recreated it for one user, and that seemed to do the trick, but we don't think that's an ideal solution. We have a hybrid environment in which on-prem AD syncs to Azure/Office365.
Thanks
Tuan

Hello @TuanT.84884 (Customer), thank you for reaching out to our community.
You might be blocked by the Office 365 default policy. You can change the policy and set up a policy to allow your users to sign in. You can see in the System Log if this is the case: when there is a sign-in attempt, you will see a Deny. Please see our article on policies for Office here:
https://help.okta.com/en/prod/Content/Topics/Apps/Office365/References/o365-default-sign-on-rules.htm.
If this does not help, this might be a problem on the Azure side, where there is a default policy that denies access to the account. You will have to fix this on the Azure side.
Hope this helps!

Thanks for the response, Paul. We already have a custom Office 365 policy that allows access. Also, we don't have any problems accessing emails via Outlook online. It's the rich Outlook client 2016, which is locally installed on our computers, that we're having the problem with. This only happens after we enabled WS-Federation. Any suggestion?
Tuan

@TuanT.84884 (Customer) Then the problem might be that the client is using basic authentication, which the policy might deny. You should review the System Log and see if the access is denied by Okta or Office 365.
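
The System Log check suggested in the replies above, as an added example that is not part of the thread and not Okta's own tooling: it separates users for whom Okta logged a DENY on the Office 365 app from users with no Okta deny, where the cause lies on the Office 365 or client side. The events are constructed samples shaped like System Log entries; the app label `Microsoft Office 365`, the user names, the user-agent strings and the `make_event`/`triage` helpers are assumptions.

```python
from collections import defaultdict

# Constructed events shaped like Okta System Log entries; not real data.
OUTLOOK_UA = "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.4266; Pro)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
O365 = "Microsoft Office 365"  # assumed app label; use the label from your tenant

def make_event(user, event_type, result, agent, app, reason=None):
    """Hypothetical helper that builds one sample event."""
    return {
        "eventType": event_type,
        "actor": {"alternateId": user},
        "outcome": {"result": result, "reason": reason},
        "client": {"userAgent": {"rawUserAgent": agent}},
        "target": [{"type": "AppInstance", "displayName": app}],
    }

SAMPLE_EVENTS = [
    make_event("alice@example.com", "policy.evaluate_sign_on", "DENY", OUTLOOK_UA, O365, "constructed reason"),
    make_event("alice@example.com", "user.authentication.sso", "SUCCESS", BROWSER_UA, O365),
    make_event("bob@example.com", "user.authentication.sso", "SUCCESS", BROWSER_UA, O365),
    make_event("bob@example.com", "policy.evaluate_sign_on", "DENY", BROWSER_UA, "Other App"),
]

def triage(events, app_name=O365):
    """Per user: did Okta log a DENY for this app, and from which client?"""
    report = defaultdict(lambda: {"denied_by_okta": False, "denies": [], "allowed": 0})
    for ev in events:
        targets = ev.get("target") or []
        if not any(t.get("type") == "AppInstance" and t.get("displayName") == app_name for t in targets):
            continue  # event concerns a different app
        entry = report[ev["actor"]["alternateId"]]
        result = (ev.get("outcome") or {}).get("result")
        agent = ((ev.get("client") or {}).get("userAgent") or {}).get("rawUserAgent") or "unknown"
        if result == "DENY":
            entry["denied_by_okta"] = True
            entry["denies"].append({
                "event_type": ev.get("eventType"),
                "rich_client": "Microsoft Office/" in agent,  # desktop Office/Outlook client
                "user_agent": agent,
            })
        elif result in ("SUCCESS", "ALLOW"):
            entry["allowed"] += 1
    return dict(report)

if __name__ == "__main__":
    for user, entry in triage(SAMPLE_EVENTS).items():
        where = "denied by Okta policy" if entry["denied_by_okta"] else "no Okta deny: check Office 365 / client"
        print(f"{user}: {where} ({len(entry['denies'])} denies, {entry['allowed']} allowed)")
```
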

@Paul S. (Okta, Inc.) I don't think that was it. For testing purposes, we deleted one user's Outlook profile and recreated a new one, and that fixed the issue. But the solution, especially when dealing with hundreds of users, to us is not very practical, so we're hoping for a more logistical approach.
Thanks,
Tuan