Moving Microsoft Office 365 from SWA to WS-Federation

There are two sign-on methods for Microsoft Office 365 available in Okta: Secure Web Authentication (SWAAn acronym for Secure Web Authentication. SWA is a SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign-in to a SWA app from their homepage, they see a pop-up message asking if they were able to sign-in successfully.) and WS-Federation (WS-Fed), which is the more secure and preferred method.

  • SWA relies on a username and a password for security credentials that can be selected by the end user or assigned by the administrator
  • WS-Federation is a specification that defines mechanisms to transfer identity information using encrypted SOAP messages. It adds an additional level of security. WS-Federation does not require a separate password for Office 365; consequently, Okta does not need to sync user passwords when WS-Federation is used.

We have simplified our WS-Fed configuration. Now, changing your sign on method from SWA to WS-Federation is quick and straightforward.

To change your sign on method for Office 365 appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. to WS-Fed:

  1. From the Administrator Dashboard, select Applications.

  2. Locate and select the Microsoft Office 365 app.

  3. Select the Sign On tab, then click Edit.

  4. For SIGN ON METHODS, check the WS-Federation radio button.

  5. If you choose to manually set up WS-Federation, click on the View Setup Instructions button, shown above. The button opens a new tab with instructions on how to prepare your domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). for federated authentication utilizing PowerShell.

  6. If you prefer that Okta configures WS-Fed, please select Let Okta configure WS-Federation automatically for me

  7. Enter your Microsoft 365 API AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Username and Password, as shown above. The Default Relay State is optional. (The default relay state is the page your usersIn Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control. will land on after they successfully log in.)

  8. Add your credentials details and your API credentials.

  9. Click Done.

Top