Provisioning options for Office 365
This topic explains different provisioning options available for an Office 365 app instance in Okta.
- For Universal Sync, the Okta admin needs permission to manage not only the Office 365 app but also Active Directory.
- Universal Sync doesn't support JIT-enabled Active Directory instances.
- Provisioning passwords isn't supported for federated users.
Operations supported | Provisioning options | |||
---|---|---|---|---|
Licenses and Roles Management Only | Profile Sync | User Sync | Universal Sync1 | |
Provision Users | ||||
Push licenses and roles | Y | Y | Y | Y |
Create user | N | Y | Y | Y |
Deactivate user | Y | Y | Y | Y |
Edit user directly from within Office 365 | Y2 | Y | N3 | N4 |
Sync profile attributes5 | ||||
Sync basic user profile attributes | N | Y6 | Y | Y |
Sync limited number of extended attributes in addition to the basic attributes | N | N | Y | Y |
Sync all extended attributes | N | N | N | Y |
Sync Active Directory groups and resources7 | ||||
Sync security groups | N | N | N | Y |
Sync contacts | N | N | N | Y |
Sync distribution lists | N | N | N | Y |
Sync resource mailboxes | N | N | N | Y |
- User Sync and Universal Sync can't be used with Directory Synchronization, Azure Active Directory (AAD) Sync, or Azure Active Directory Connect.
- Once you select User Sync or Universal Sync, you can't change your selection back to Profile Sync, unless your org has the Microsoft Graph API feature enabled.
- Exchange Hybrid isn't currently supported.