ngcfj (ngcfj) asked a question.
okta integration with existing office 365
the instructions for connecting Okta to office365 say you have to bring in users before integration. Is there a way to have users pulled from office 365/azure ad? Is that even necessary. will the users be added to oka when you setup ws-federation? I would want to know what to do when have office 365 in use and you don't have on prem active directory and you want Okta to manage authentication for office 365 and other apps including apps that use okta as a SAML identity provider. Is the export-import using CSV the recommended action here?
Hi @ngcfj (ngcfj) , Thank you for reaching out to the Okta Community!
The typical flow would be from Okta to the downstream app, where you would manage you account provisioning, licenses and SSO from the Okta side, so that is why the users need to be in Okta to connect them to the users in the app.
You could try the CSV import if needed. Here are the instructions:
https://help.okta.com/en-us/Content/Topics/users-groups-profiles/usgp-import-users-csv.htm
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--------------------------------
Community members help others by clicking Like or Select as Best on responses. Try it today.
I figured that was how okta intends for it to be used. That is why it is in the setup guide. I just want to know how to implement okta where office 365 is already in use and you add Okta later. Do I have to export the users from o365 and import to Okta with CSV files or can I do something easier/better.
Depending on the number of users you have to deal with, or if you don't have absolutely any users in Okta, you can try a one-time manual import from O365 to Okta, but I recommend thoroughly checking the import settings. Specifically username matching needs to be confirmed based on your organizational needs and auto-confirmation/auto-activation should probably be disabled so you get a chance at a final look at the list being pulled in.
And to clarify, the WS-Federation would be just the SSO part of the configuration and that would not work if the users are not already assigned to the app.
Provisioning would be the part that actually handles account creation and would need to be configured before in order for you to run the import straight from the app.
Please note that depending on what kind of SKU/entitlement you have, Provisioning might not be an available feature, so CSV file import would be the way to go.
Hope this helps!