Okta Classic Engine | Integrations | Answered | 2023-04-10T18:39:20.000Z | 2023-04-12T13:33:36.000Z

User16535787353097162257 (Equipmentshare) asked a question.

Microsoft Office 365 WS-Fed and Provisioning questions.

I'm working on implementing Okta as our M365 IDP, and I've been through the actual configuration steps to set up WS-Federation for Office 365 a number of times, but I'm still shaky on a couple of key points.

 

  1. How am I supposed to test federated SSO? In other words, if I turn WS-Federation on, but only assign the M365 app to my test account, will only that account's login be federated, leaving the rest of our org untouched?
  2. We currently have about 1,500 users in our M365 tenant - about a quarter of our entire org. When we move on to provisioning, will those 1,500 existing users have duplicate entries created in M365 and replicated out into our AAD?

 

I know these might seem like silly questions, so thanks in advance for any advice you have.

 

 


  • Paul S. (Okta, Inc.)

    Hello @User16535787353097162257 (Equipmentshare). Thank you for reaching out to our Community!

     

    Once the federation has been done, this will affect all users from that domain, regardless if they are assigned or not to the application in Okta.

    Once you assign a user to the application, provisioning will match to the existing account if the First name, last name, email and username are the same. A duplicate account is created when these attributes do not match.

     

    Community members help others by clicking Like or Select as Best on responses. Try it today.

    Selected as Best
This question is closed.
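
A pre-assignment check built on the matching rule stated in the answer above, as an added example that is not part of the original thread or Okta's own code: it compares Okta and M365 records on first name, last name, email and username and flags the accounts that would not match. The field names, the sample users and the case-insensitive comparison are assumptions.

```python
# Added example: constructed records; field names are hypothetical.
MATCH_FIELDS = ("first_name", "last_name", "email", "username")

def _norm(value):
    # Assumption: compare case-insensitively, ignoring surrounding whitespace.
    return (value or "").strip().casefold()

def match_key(record):
    return tuple(_norm(record.get(f)) for f in MATCH_FIELDS)

def plan_assignments(okta_users, m365_users):
    """Return (username, status, differing_fields) for each Okta user.

    status: 'match' (all four attributes equal), 'duplicate_risk' (an M365
    account shares the username or email but another attribute differs),
    or 'new' (no existing M365 account found).
    """
    full = {match_key(u) for u in m365_users}
    partial = {}
    for u in m365_users:
        for f in ("username", "email"):
            key = _norm(u.get(f))
            if key:  # never index accounts under an empty attribute
                partial.setdefault(key, u)
    report = []
    for user in okta_users:
        name = user["username"]
        if match_key(user) in full:
            report.append((name, "match", []))
            continue
        near = partial.get(_norm(user.get("username"))) or partial.get(_norm(user.get("email")))
        if near is None:
            report.append((name, "new", []))
        else:
            diffs = [f for f in MATCH_FIELDS if _norm(user.get(f)) != _norm(near.get(f))]
            report.append((name, "duplicate_risk", diffs))
    return report

# Constructed sample data (not real accounts).
OKTA_USERS = [
    {"first_name": "Ana", "last_name": "Ruiz", "email": "ana.ruiz@example.com", "username": "ana.ruiz@example.com"},
    {"first_name": "Robert", "last_name": "Lee", "email": "bob.lee@example.com", "username": "bob.lee@example.com"},
    {"first_name": "Mei", "last_name": "Chen", "email": "mei.chen@example.com", "username": "mei.chen@example.com"},
]
M365_USERS = [
    {"first_name": "Ana", "last_name": "Ruiz", "email": "Ana.Ruiz@example.com", "username": "ana.ruiz@example.com"},
    {"first_name": "Bob", "last_name": "Lee", "email": "bob.lee@example.com", "username": "bob.lee@example.com"},
]

if __name__ == "__main__":
    for row in plan_assignments(OKTA_USERS, M365_USERS):
        print(row)
```

Rows marked `duplicate_risk` list the attributes to reconcile before the user is assigned to the application.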