wkcfm (wkcfm) asked a question.
I am trying to remove Okta federation from two Okta instances and encountering the same issue in both cases. I am following the instructions outlined here: https://support.okta.com/help/s/article/How-to-remove-the-Office-365-Federation-from-Okta-UI?language=en_US
After completing the defederation I waited for 12 hours, but in both examples, this is what happened:
1. Navigate to Office, e.g. https://outlook.office.com/mail/
2. Login with username/password from Okta (username/password are being synchronized to Office–according to the documentation, this should be OK)
3. The user is redirected to the login page after entering the password. ➔ Infinite login loop, I can never get past the login screen.
4. After clicking "Sign-in Options," I choose "Sign in to an organization" and enter the Org's domain.
5. Attempting to log in leads to an error message "AADSTS90023: msaredir=1 is only supported on the common tenant."
I have observed this behavior in two Okta instances, and I'm unsure if this is an Okta or an MS issue. Does anyone have experience with removing federation from Office365 or has run into similar issues?
Did you try go Applications page and remove it? 😅
No, I don't want to deprovision the users. Just remove the Okta SSO from Office 365.
Can you confirm you used Okta to automatically configure federation? It cannot harm to run the powershell query to do it manually nevertheless. After that change has been processed, it can take another 12 hours for Microsoft to pick this change up.
Yes, I did. I haven't tried the PowerShell query though. I can give that a go