Supported Architectures for Office 365 Deployment

Before you begin the integration between Okta and Office 365, be aware of the following prerequisites:

| Requirements | Description |
| --- | --- |
| Administrative access to an Office 365 subscription | Note: Some Office 365 licenses don't allow for federation or directory synchronization. Refer to your Microsoft support contact for more clarification. |
| Administrative access to an Okta organization | Administrative access to an Okta subscription. |
| A DNS domain registered with Office 365 | Your own DNS domain to register in Office 365, and federate back to Okta. By default, Office 365 offers a domain in the form and this cannot be used for federation (this will be the Office 365 default domain in many cases). |
| Access to a domain that is joined to a Windows server* | At least one Okta AD agent installed in your environment. You need to have access to a domain-joined server with visibility to all domains in the forest being used with Office 365. While not best practice, you can install the agent on domain controllers. |
| Rights to create a service account for the Okta agent in your AD domain* | A service account in your Active Directory user domain for the Okta agent. Note: This account can be a regular domain user with read-only rights. Admin-level privileges are required to install the agent, and the account can be created during the installation. For complete details, see Install and configure the Okta Active Directory (AD) agent. |
| Outbound connectivity to Okta from a server joined to your domain* | Your Okta agent communicating with your Okta subscription. That is, the server(s) where the agent(s) reside must connect to |
| For Desktop SSO: A Windows server running IIS 7/7.5* | At least one Windows server with IIS installed, within the authenticated domain, for Desktop SSO. For details, see Install and configure the Okta IWA Web App for Desktop SSO. |
| The correct domain suffix and resulting UPNs for users set up in AD* | Understand how accounts are created in Office 365 and the changes required for existing AD user accounts prior to migration. |
| The most up-to-date versions of all your Microsoft systems | Ensure that all recent updates to Microsoft operating systems and other software (AADConnect, FIM\MIM, etc.) are applied. |