GuillermoP.14489 (Customer) asked a question.
Okta - Microsoft 365 Integration for Admin Distribution Lists/Shared Inbox Access
Hi everyone,
I’m working on setting up a shared inbox or distribution list so I can step back from being the only one with superadmin credentials for all our apps. The idea is to share access with a group of admins in the company, so anyone who has access to that mailbox can manage our third-party app configurations when needed.
Right now, we're using Okta groups to manage access to third-party apps (SSO, group push, etc.), and we’re hoping to use Microsoft 365 to create the shared mailbox. Ideally, we want to integrate it with Okta so we can control who has access to it using Okta groups.
A few questions I have:
- Is this doable?
- What’s the best way to set up this integration without accidentally locking anyone out of their accounts?
- Is this better accomplished with a Distribution List or a Shared Mailbox?
Any feedback or recommendations are appreciated. Thanks!
Hello @GuillermoP.14489 (Customer) , thank you for contacting Okta Community!
We have an article on a similar topic:
Handling Shared Accounts in Federated Microsoft Office 365 Domain with Okta
However, I am not sure if you could give multiple users access to the same Super Admin account. MFA is mandatory for all admin accounts, which would be the first limitation that comes to mind.
*Edit: I have confirmed this would be possible for our Professional Services team. They are our top experts specialized in custom deployments tailored to your company's exact needs. You can read more about them here.
I believe that creating and managing multiple Super Admin accounts would be a better option. This way, if SuperAdmin1 is locked out or leaves the company, SuperAdmin2 can unlock their account or manage the org. This would be a good practice as well, since only another Super Admin account can take certain actions over a Super Admin account (such as resetting the credentials, deactivating/reactivating the account, etc.). You can read more about this topic here:
Super administrators
Standard administrator roles and permissions
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Thanks for your answer, Diana
I believe what we're trying to do is a bit different from giving multiple users superadmin access to a shared Microsoft 365 account. Our goal is to give users regular app access to M365, maybe through push groups, user provisioning, and then within the Microsoft app, create a distribution list or shared mailbox (for example, something like it_admins@email.com). Then, we would add users' emails (The ones that have access through Okta) to that list/mailbox so they can receive any communications, and whoever has access to that distribution email can manage our third-party apps.
I believe our Okta account would mostly only handle authentication into M365 and allow us to manage user provisioning and push groups, is that doable? But I also wanted to see if the Group Permissions can be applied to this integration, and also if there's any way to do this without locking anyone out.
Would this be a feasible solution and would it be considered a separate case? Or would the documentation apply to this case as well?
Thanks in advance and I look forward to your response.
Best,
Guillermo
Hello @GuillermoP.14489 (Customer) , I recommend that you open a Support ticket (Customer Support Account ID number required) so one of our engineers can analyze it and provide in-depth assistance. You could also provide more details about your configuration in both Okta and Microsoft on a ticket.
Please note that opening a support ticket is a feature available only to paid accounts. If you do not have a paid account but are interested in upgrading, you can contact our Sales team.
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Just released: More Okta Community badges just added