JackW.72420 (Customer) asked a question.
SSO for Microsoft 365
I have been going through the documentation for the Office 365 setup for SSO and came across the warning in the attached image. Based on the warning it seems that you cannot federate a domain which is the same as your admin accounts domain. Does this mean your admin accounts should be on a different domain(for example the domain you want to enable sso for is @example123 and you make your admin accounts domain @example1234) or do you just need to make sure you do not provision the admin accounts in OKTA for office 365?
Documentation link: https://help.okta.com/en-us/content/topics/apps/office365-deployment/configure-sso.htm
Hi @JackW.72420 (Customer) , Thank you for reaching out to the Okta Community!
Provisioning and WS-FED SSO are independent features, so the provisioning status of the user will not be relevant for this use case.
Federation would happen at the domain level, therefore it's highly recommended that you keep your admin and service accounts on a different domain than the one used for the SSO configuration to prevent login issues. This is not to say, you cannot have admins on the federated domain at all, but you should at least have a back-up in case of misconfiguration.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--
Ask the Experts: Okta Device Access Product Team Now Thru 3/22