Import users to Office 365 using Microsoft Graph API

You can import users from external directories into Okta and provision them in Office 365 using Microsoft Graph API.

Before you begin

• Complete Configure Single Sign-On for Office 365.

• Ensure that you have global admin privileges for your Microsoft tenant.

Start this task

To import users using the Microsoft Graph API, complete the following steps:

• Configure API integration

• Optional. Skip importing groups during Office 365 user provisioning

Configure API integration

You can automate provisioning tasks by enabling API integration and granting admin consent. Office 365 requires a token to authenticate against the Microsoft API. This allows Okta to implement provisioning in Office 365.

1. In the Admin Console, go to ApplicationsApplications.

2. Locate and select the Microsoft Office 365 app
3. Go to ProvisioningAPI Integration.
4. Click Configure API Integration, and select Enable API Integration.
5. Enter your Microsoft admin username and password.
6. Click Authenticate with Microsoft Office 365. You're redirected to the Microsoft account sign-in page.

7. On the Microsoft account sign-in page, do the following:

   1. Sign in to Microsoft as a global admin for your Microsoft tenant.

   2. Read and accept the instructions that are listed on the Okta Microsoft Graph Client page.

8. Optional. To import groups during this process, select Import Groups.

   Okta doesn't support nested group imports from Microsoft Entra ID. Only users who are direct members of the group are imported.

9. Click Test API Credentials.
10. After the credentials are verified, click Save. You can now go to the Imports tab to begin your user import.