Office 365 - Frequently asked questions
You can use Automatic WS-Federation to configure multiple Office 365 domains in one app instance. See Federate multiple Office 365 domains in a single app instance.
However, if you are using Manual (PowerShell) WS-Federation, you need to configure a separate instance of the Office 365 application within Okta for each domain you have in your office tenant. For example, if you have five domains under your office tenant, you would have five office apps in Okta, each pointed to the same office tenant but set with a different domain. See Add Office 365 to Okta.
They can but we cannot secure them through MFA since they do not use Modern Authentication. We strongly recommend disabling these protocols in your Office 365 tenant. To disable these legacy protocols in your Office 365 tenant, refer to this Microsoft Support documentation: How to enable or disable POP3, IMAP, MAPI, Outlook Web app or Exchange ActiveSync for a mailbox in Office 365.
It’s probably because you haven’t set up Okta for provisioning users into Office 365. See Provision users to Office 365.