Import users to Office 365 using Microsoft Graph API

You can import users from different source directories into Okta and provision them in Office 365 using Microsoft Graph API.

Before you begin

  • Complete Configure Single Sign-On for Office 365.
  • Disable the Microsoft MFA for the Office 365 admin account you’re using for WS-Federation. If the MFA is enabled, it can break provisioning and single sign on set-ups in Okta.

Start this procedure

To import users using Microsoft Graph API, you need to:

Enable API integration and provide Microsoft admin consent

If you’ve already Set up Okta to Office 365 provisioning and provided Microsoft admin consent, you can skip this procedure, and start importing from Microsoft Office 365.

You can automate provisioning tasks by enabling API integration and granting admin consent. Office 365 requires a token to authenticate against the Microsoft API. This allows Okta to implement provisioning in Office 365.

  1. Go to Office 365ProvisioningAPI IntegrationConfigure API Integration.
  2. Check Enable API Integration.
  3. Enter Admin Username and Admin Password.

  4. Click Authenticate with Microsoft Office 365. You are redirected to the Microsoft account log in page.

  5. On the Microsoft account log in page, do the following:

    1. Log into Microsoft as a Global Administrator for your Microsoft tenant.

    2. Read and accept the instructions listed on the Okta Microsoft Graph Client page.

  6. To import groups now, check Import Groups.

    You can import groups later after finishing provisioning. See Skip importing groups during Office 365 user provisioning.

  7. Click Test API Credentials.
  8. Save the credentials once they are verified successfully. You can now go to the Imports tab and start importing from Microsoft Office 365.