
Michaell.96818 (Customer) asked a question.
Hello. I have a question regarding integrating Okta with O365, and specifically our current Azure <--> AD sync account and global Azure admin accounts.
Currently, in Conditional Access we have these accounts excluded from MFA. (Obviously service accounts can't do MFA, and there are certain Windows Core setups that can't load the GUI components for MFA to function on certain boxes that run jobs to our MSOL.)
These accounts are also not currently scoped within the on-prem AD source where Okta is getting our user base.
When creating a new federation, what is the best method to replicate how we have our current Azure setup? E.g., ensure these critical accounts don't get frozen out via MFA policy... and everyone has a panic attack.
Also, just to follow up... in the future we also hope to use Okta to provision and de-provision user accounts, mailboxes, licensing, etc. At this time we'd just like to get the SSO moved over, then tackle those issues.
Thanks in advance.

Hello @Michaell.96818 (Customer), thank you for reaching out to our Community!
If you want to keep these accounts outside of the federated domain, I would advise you to keep them on the onmicrosoft.com domain, since that domain cannot be federated. The reason for this is that once you federate a domain, all accounts under that domain will be prompted for Okta authentication.
You can also have them included in the Okta federated domain, and set up MFA exemption rules for these accounts.