About group duplication in Microsoft Office 365

If your application also imports groups from Active Directory (for example, Office 365 via DirSync), and provisioning is enabled in the app, you may have duplicate groups in Okta. This happens under the following conditions:

  • You have two or more Active Directory forests. For example, forestA and forestZ.
  • Microsoft DirSync is configured on forestA to synchronize all groups from the forest into an Office 365 (Azure AD) instance.
  • Your Okta AD agent is configured to import users and groups from both forestA and forestZ into an Okta org.
  • Okta is configured for provisioning with users from forestZ to the same Office 365 tenant.

When you configure provisioning on the forestZ Office 365 app, it automatically imports groups from Office 365 into Okta. There are groups in Office 365 that are imported from forestA that already exist in Okta because of a sync from the forestA AD agent.

Related topics

Skip importing groups during Office 365 user provisioning