Federate multiple Office 365 domains in a single app instance

You can automatically federate multiple Microsoft Office 365 domains within a single Office 365 appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. instance in Okta. This eliminates the need to configure a separate Office 365 app instance for each Office 365 domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https)..

This is useful in the following scenarios:

  • You have multiple Office 365 domains in a single Office 365 tenant and don’t want to create separate app instance for each domain.
  • You have multiple Office 365 domains in a single Office 365 tenant and want to apply the same set of policies to all of them.

This feature is not available for manual WS-Federation method.




Configure domains

  1. In Office 365 application instance, open Sign On > Settings in Edit mode.

  2. In Sign On Methods, select WS-Federation.
  3. Select Automatic for WS-Federation Configuration.
  4. Click on View Setup Instructions. Procedure to configure Office 365 WS-Federation will open in a new window.
  5. Refer to the Prepare your domain for federated authentication section of the procedure to ensure you have correctly prepared your domains for federation.
  6. Back on the Sign On tab, enter Office 365 AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Username and Office 365 Admin Password for your Microsoft Office 365 tenant.
  7. In Office 365 Domains, click Fetch and Select to add verified domains. Verified domains for the Office 365 tenant will be displayed.
  8. Select domains that you want to federate.
  9. Back on the Sign On tab, click Save.

Validate federated domains

  1. Sign in to Okta as an end user that belongs to an Office 365 domain you just federated.
  2. Access Office 365 through the end-user dashboard.
  3. Ensure you can log in successfully.
  4. Repeat these steps for test users from all federated Office 365 domains.

Alternatively, you can use the following PowerShell cmdlet for each federated domain to verify that the domain has been successfully federated:

Get-MSOlDomainFederatioNSettings -domainname <domain name>


Related Topics