Office 365 - Frequently asked questions

What should I do if I want to configure multiple Office 365 domains under one tenant?

You can use Automatic WS-Federation to configure multiple Office 365 domains in one app instance. See Federate multiple Office 365 domains in a single app instance.

However, if you are using Manual (PowerShell) WS-Federation, you need to configure a separate instance of the Office 365 application within Okta for each domain you have in your office tenant. For example, if you have five domains under your office tenant, you would have five office apps in Okta, each pointed to the same office tenant but set with a different domain. See Add Office 365 to Okta.

Can my users access Office 365 using POP and IMAP?

They can but we cannot secure them through MFA since they do not use Modern Authentication. We strongly recommend disabling these protocols in your Office 365 tenant. To disable these legacy protocols in your Office 365 tenant, refer to this Microsoft Support documentation: How to enable or disable POP3, IMAP, MAPI, Outlook Web app or Exchange ActiveSync for a mailbox in Office 365.

Why don’t I see options to license and roles while assigning the Office 365 app?

It’s probably because you haven’t set up Okta for provisioning users into Office 365. See Provision users to Office 365.

Can I use PowerShell to configure Office 365 in Okta?

Yes. See Configure Single Sign on using Secure Web Authentication.