Provisioning options for Office 365
This topic explains the provisioning options available for an Office 365 app instance in Okta.
- For Universal Sync, the Okta admin needs permission to manage not only the Office 365 app but also Active Directory.
- Universal Sync doesn't support JIT-enabled Active Directory instances.
- Provisioning passwords isn't supported for federated users.

| Operations supported | Licenses and Roles Management Only | Profile Sync | User Sync | Universal Sync<sup>1</sup> |
|---|---|---|---|---|
| **Provision Users** | | | | |
| Push licenses and roles | Y | Y | Y | Y |
| Create user | N | Y | Y | Y |
| Deactivate user | Y | Y | Y | Y |
| Edit user directly from within Office 365 | Y<sup>2</sup> | Y | N<sup>3</sup> | N<sup>4</sup> |
| **Sync profile attributes**<sup>5</sup> | | | | |
| Sync basic user profile attributes | N | Y<sup>6</sup> | Y | Y |
| Sync limited number of extended attributes in addition to the basic attributes | N | N | Y | Y |
| Sync all extended attributes | N | N | N | Y |
| **Sync Active Directory groups and resources**<sup>7</sup> | | | | |
| Sync security groups | N | N | N | Y |
| Sync contacts | N | N | N | Y |
| Sync distribution lists | N | N | N | Y |
| Sync resource mailboxes | N | N | N | Y |

- User Sync and Universal Sync can't be used with Directory Synchronization, Microsoft Entra ID Sync, or Microsoft Entra ID Connect.
- Once you select User Sync or Universal Sync, you can't change your selection back to Profile Sync, unless your org has the Microsoft Graph API feature enabled.
- Exchange Hybrid isn't currently supported.
