Move Microsoft Office 365 from SWA to WS-Federation

There are two sign-on methods for Microsoft Office 365 available in Okta:

  1. Secure Web Authentication (SWA): SWA relies on a username and a password for security credentials that can be selected by the end user or assigned by the administrator
  2. WS-Federation: WS-Federation is a specification that defines mechanisms to transfer identity information using encrypted SOAP messages. It adds an additional level of security. WS-Federation does not require a separate password for Office 365. Consequently, Okta does not need to sync user passwords when WS-Federation is used.

Procedure

  1. From the Administrator Dashboard, select Applications.

  2. Locate and select the Microsoft Office 365 app.

  3. Select the Sign On tab, then click Edit.

  4. For SIGN ON METHODS, check the WS-Federation radio button.

  5. If you choose to manually set up WS-Federation, click on the View Setup Instructions button, shown above. The button opens a new tab with instructions on how to prepare your domain for federated authentication utilizing PowerShell.

  6. If you prefer that Okta configures WS-Fed, select Let Okta configure WS-Federation automatically for me.

  7. Enter your Microsoft 365 API Admin Username and Password, as shown above.

    The Default Relay State is optional. (The default relay state is the page your users will land on after they successfully log in.)

  8. Add your credentials details and your API credentials.

  9. Click Done.