<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00008KDXOGCA5Okta Classic EngineOkta Integration NetworkAnswered2024-04-16T09:58:18.000Z2022-11-06T16:23:23.000Z2022-11-07T18:36:01.000Z

t8kca (t8kca) asked a question.

November 6, 2022 at 4:23 PM
Usernames for multiple domains in 365 same tenant different emails

We have federated 365 in Okta but we have multiple domains housed under the same tenant. The issue is, Okta thinks that there are multiple usernames for these people now, and is giving us a 401 error if I remember correctly. We need to be able to have Okta create usernames based off domains within the same 365 application.

 

Here is what I have now:

String.substringBefore(source.email, "@domain.com")+"@primaryemail.com" OR

String.substringBefore(source.email, "@domain.com")+"@primaryemail.com

 

However, it still seems to not be working.

How could we correct this?

 

It also keeps having these users relog into Okta, despite having cookies persist in the Authentication tab. How could we correct this as well?

  • 2 answers
  • 564 views

  • t8kca (t8kca)

    Its generating a 400 error; we have already test and updated credentials.

  • flaviu.vrinceanu1.5628408972654734E12 (Customer Success Service Delivery)

    Hi @t8kca (t8kca)​,

     

    Thank you for posting on the Okta community page!

     

    I have verified the Application username format from my own environment and as an expression I have used the one provided below, which might help you resolve the 400 error message:

     

    Instead of user.login, you could use source.email but it mostly depends on your Okta-Office365 environment configuration. Additionally, I would recommend to check the configuration again and to make sure that everything was configured accordingly to your organisation needs in order to eliminate any other factor that could generate the 400 error.

     

    Related to the second inquiry, my recommendation would be to reach out to Microsoft and see why the re-direct for authentication keeps happening as it seems to be related to the session lifetime configured on the Office side because the user will have to re-authenticate through Okta when the session will expire on the application side.

     

    ------------------------------------------------------------------------------------------------------------------------------------------------

    The October issue of the Okta Community is here and packed with tips on certification, how to earn badges, and new releases. Let us help you stay connected.

    Expand Post
This question is closed.
Loading
Usernames for multiple domains in 365 same tenant different emails