Integrate Office 365 App Using WS Federation
Now that you have a domain ready in Office 365, you need to set up the domain to use Okta as the federated identity provider. You do this by adding the Office 365 application to your Okta org.
- Log in to your Okta organization and select Applications > Add Application.
- In the search dialog, type in Office 365 and then click the Add button.
- On the General Settings tab, provide the Office 365 tenant name and the domain you just added to your Office 365 subscription. You can change the application label to indicate which domain this configuration is for. Then select Next.
- Most organizations require the use of federation, so on the Sign-On Options tab, change the sign-on method to WS-Federation. Then enter the user name and password of a global admin account for your Office 365 tenant. Make sure to use an account in the yourtenant.onmicrosoft.com domain and not in the domain you are configuring for federation.
You might find that when attempting to federate the domain, you get an error saying that federating to the default domain is not allowed. This is because the new domain has been set as the default, which can happen automatically after you've added a new domain. If this happens, switch the default domain from the vanity domain back to yourtenant.onmicrosoft.com. The change can sometimes take a few seconds, so after changing the default domain, wait for a moment before re-running the Okta federation PowerShell command.
- Return to the browser where you are configuring SSO for Okta. Below the View Setup Instructions button is a dropdown that allows you to specify which attribute in Okta is used as the identifier for federation with Office 365. Generally this should be UPN.
- It is important to note what attribute is set here, because later on when accounts are created in Office 365, their username must match this setting.
- After setting up SSO, select Next, leaving Provisioning disabled (this step is covered separately in the next section). Select Next again, but do not assign the application to anyone; just select Next, then Done.
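
The default-domain error described above can be caught before you run the federation command. The following pre-flight check is an added example, not part of Okta's instructions; it assumes the MSOnline PowerShell module is installed and usable in your tenant, and `example.com` is a placeholder for the domain you are federating.

```powershell
# Added example: pre-flight check before federating a domain (MSOnline module).
# Both parameter defaults are placeholders; replace them with your own values.
param(
    [string]$TenantDomain    = 'yourtenant.onmicrosoft.com',
    [string]$FederatedDomain = 'example.com'   # placeholder vanity domain
)

Import-Module MSOnline -ErrorAction Stop
Connect-MsolService   # sign in as a global admin in the onmicrosoft.com domain

$target = Get-MsolDomain -DomainName $FederatedDomain -ErrorAction Stop

# An unverified domain cannot be federated, so stop early with a clear message.
if ($target.Status -ne 'Verified') {
    throw "$FederatedDomain is '$($target.Status)'; verify it in Office 365 before federating."
}

if ($target.IsDefault) {
    Write-Warning "$FederatedDomain is the default domain; switching default to $TenantDomain."
    Set-MsolDomain -Name $TenantDomain -IsDefault

    # The change can take a few seconds to apply, so poll instead of retrying blindly.
    $deadline = (Get-Date).AddSeconds(60)
    do {
        Start-Sleep -Seconds 5
        $target = Get-MsolDomain -DomainName $FederatedDomain
    } while ($target.IsDefault -and (Get-Date) -lt $deadline)

    if ($target.IsDefault) {
        throw "Default domain is still $FederatedDomain after 60 seconds; do not federate yet."
    }
}

# Report the state the federation step will start from (Managed or Federated).
Get-MsolDomain |
    Select-Object Name, Status, Authentication, IsDefault |
    Format-Table -AutoSize
```

After federation completes, the Authentication column for the vanity domain should read Federated, while yourtenant.onmicrosoft.com stays Managed so the global admin account can still sign in directly.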