Okta Classic Engine | Single Sign-On | Answered | 2024-04-03T16:09:08.000Z | 2023-09-06T18:04:39.000Z | 2023-10-18T15:51:01.000Z

User16812337537886215329 (Bellwether Housing) asked a question.

Office 365 SSO: User stuck in login loop after changing Okta password

Hello all,

 

My workplace uses Okta SSO for the Microsoft Office 365 suite.

 

Our users are complaining that their Office 365 becomes inaccessible whenever their Okta passwords are changed; specifically, when attempting to sign in, Office 365 would be stuck in a login loop of "Signing in to Microsoft Office 365."

I have confirmed that the issue is not an isolated incident, but one that impacts all our users.

 

I have consulted existing articles in the KB, but I don't believe they answer my question:

 

- https://support.okta.com/help/s/article/Office365-SSO-User-Loop-During-Authentication -- The advice in this article does work, as I'm usually able to resolve the issue after clearing the browser's cookies. However, I'm interested in learning how to prevent the login loop issue from occurring in the first place.

 

- https://support.okta.com/help/s/article/Microsoft-Office-365-User-is-Stuck-in-a-Login-Loop-After-Resetting-Okta-Password -- This article is for when the issue affects only one user, who is unable to sign in even after clearing their browser's cookies; as such, I don't believe it is applicable to our situation.

 

Any assistance and insights will be greatly appreciated.

 

Thank you,

Chengtao


  • MatthewH.10249 (State of Iowa)

    We recently had 2 users that after a password change had a somewhat similar looping issue. They would log in to Okta, perform MFA, and then loop several times and never successfully log in to the Microsoft app they were trying to access. We tried clearing the browser's cookies, cleared Okta sessions via the Okta admin console and tried on different devices, but none of that worked. We ended up having to run the following PowerShell (PS) scripts for each user and that fixed the issue. I actually think the final PS script listed below might have been all that was needed to resolve this issue.

     

    Here's a list of PS commands that were run that ended up resolving the issue:

    Run this command to get the ObjectId and the user's UserPrincipalName (upn).

    Get-AzureADUser -SearchString <<email address>>

     

    Now, run the following command to change the UPN to the managed domain:

    Set-AzureADUser -ObjectId <<guid>> -UserPrincipalName <<upn>>

     

    Next, update the password with the following command:

    Set-AzureADUserPassword -ObjectId <<guid>>

     

    Change the UPN back to the federated domain. Run the following command:

    Set-AzureADUser -ObjectId <<guid>> -UserPrincipalName <<email>>

     

    Run the following command to revoke existing sessions:

    Revoke-AzureADUserAllRefreshToken -ObjectId <<guid>>

     

    I too would love to know the reason for looping issues after a password change and what can be done to prevent it going forward. It seems like more of a Microsoft issue than an Okta issue, at least in our case. Our Okta logs clearly showed that the user logged in and performed MFA with no errors, and we do see errors in Azure logs, but Microsoft has yet to respond to our support incident.

    Selected as Best
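
The five commands from the answer above, wrapped for one user so that a failed password reset cannot leave the account on the managed domain. This is an added example, not the poster's script; the function name, its parameters and the sample domains are hypothetical, and it assumes the managed UPN is the same local part at the managed domain.

```powershell
# Added example (not from the original post). Requires the AzureAD module and
# an existing session from Connect-AzureAD. All names below are hypothetical.
function Reset-FederatedUserLogin {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $FederatedUpn,        # user's normal sign-in name
        [Parameter(Mandatory)] [string] $ManagedDomain,       # non-federated domain of the tenant
        [Parameter(Mandatory)] [securestring] $TempPassword   # throwaway cloud password
    )

    # Step 1: -SearchString also returns partial matches, so require one exact hit.
    $found = @(Get-AzureADUser -SearchString $FederatedUpn |
        Where-Object { $_.UserPrincipalName -eq $FederatedUpn })
    if ($found.Count -ne 1) {
        throw "Expected exactly one user for '$FederatedUpn', found $($found.Count)."
    }
    $user = $found[0]

    # Assumption: managed UPN = same local part on the managed domain.
    $localPart  = ($FederatedUpn -split '@')[0]
    $managedUpn = "${localPart}@${ManagedDomain}"

    if (-not $PSCmdlet.ShouldProcess($FederatedUpn, 'Reset cloud password and revoke refresh tokens')) {
        return
    }

    # Step 2: move the account to the managed domain.
    Set-AzureADUser -ObjectId $user.ObjectId -UserPrincipalName $managedUpn -ErrorAction Stop
    try {
        # Step 3: update the password while the account is on the managed domain.
        Set-AzureADUserPassword -ObjectId $user.ObjectId -Password $TempPassword -ErrorAction Stop
    }
    finally {
        # Step 4: always put the federated UPN back, even if step 3 failed.
        Set-AzureADUser -ObjectId $user.ObjectId -UserPrincipalName $FederatedUpn -ErrorAction Stop
    }

    # Step 5: revoke existing sessions so clients must re-authenticate.
    Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId -ErrorAction Stop

    # Return the UPN as stored now, so the caller can confirm it was restored.
    (Get-AzureADUser -ObjectId $user.ObjectId).UserPrincipalName
}

# Dry run with constructed values; drop -WhatIf to apply.
# Reset-FederatedUserLogin -FederatedUpn 'jdoe@contoso.example' `
#     -ManagedDomain 'contoso.onmicrosoft.example' `
#     -TempPassword (Read-Host -AsSecureString -Prompt 'Temporary password') -WhatIf
```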
This question is closed.