<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00009B95WnCAJOkta Identity EngineIntegrationsAnswered2024-04-17T10:09:26.000Z2023-05-18T03:43:24.000Z2023-05-22T21:28:15.000Z

31ycb (31ycb) asked a question.

May 18, 2023 at 3:43 AM
0365 Provisioning - Import Specific

Hi,

 

I have couple questions related to the Okta-0365 provisioning Integration.

 

Background:

  • I don't have user imported from AD
  • I'm using Azure as IDP, and enabled the JIT functionality to import the users. (users will authenticate through Azure IDP)
  • Using Identity Engine

 

1- I would like to know, when I enable 0365-Okta provisioning if I can import selected groups, instead of all groups. Couldn't find documentation about importing specific groups

 

2- Also, would like to know I can disable the provisioning from Okta to 0365, and only use provisioning from 0365 to Okta.

 

I'm using the below link, but could not find any information about the above 2 questions.

https://help.okta.com/en-us/Content/Topics/Apps/Office365-Deployment/provision-users.htm

 

Thanks

  • 5 answers
  • 481 views

  • NiallM.34104 (Atlas Identity)

    1. No. There's no filter last time I looked.
    2. Yes. The provisioning is always From App and To App. Disable the To App provisioning functions and you will have import from O365 in place and no provisioning to O365

  • NiallM.34104 (Atlas Identity)

    Another thing to consider for more control. Setup Azure Active Directory Domain Services in Azure. Deploy an Okta AD agent ( or two or three ) on a 'domain joined' virtual machine in Azure. Okta then sees Azure as as genuine AD domain and you have a few more buttons to push.

  • 31ycb (31ycb)

    Thanks Niall for the reply, and the alternative solution!

     

    Regarding your answer to question (2). I have Provisioning disabled at the moment.

    The import functionality allows you to import users from CSV, but does not show "Import groups" from the Application. To import the groups, I need Provisioning enabled no? (Just confirming that this is the case, or if I'm missing anything. )

     

    Thank you!!

    Expand Post

  • NiallM.34104 (Atlas Identity)

    You're totally correct. You enable provisioning in the Provisioning tab, and once you've completed the steps for that to verify, Okta reveals the provisioning options. You then have to configure what you want for Provisioning To and Importing From O365. Okta always has that as To App and From App.

     

    image

    Expand Post

  • 31ycb (31ycb)

    Thanks Niall.

     

    Since we don't want install an agent. We're thinking that we restrict the import of the groups from Azure AD side, but not sure yet if that will work. I'll need to test it. So steps:

    1- Restrict Azure AD group import to limited groups. (in Azure AD)

    2- Check "Import groups" in Okta for 0365 provisioning.

    Expand Post
This question is closed.
Loading
0365 Provisioning - Import Specific