Okta incident

O365 OIN Provisioning Setup Issue

Minor Resolved View vendor source →

Okta experienced a minor incident on October 3, 2024 affecting okta-emea.com cell 1 and okta.com cell 1 and 1 more component, lasting 341d 21h. The incident has been resolved; the full update timeline is below.

Started
Oct 03, 2024, 10:38 PM UTC
Resolved
Sep 10, 2025, 07:47 PM UTC
Duration
341d 21h
Detected by Pingoru
Oct 03, 2024, 10:38 PM UTC

Affected components

okta-emea.com cell 1okta.com cell 1okta.com cell 2okta.com cell 3okta.com cell 4okta.com cell 6okta.com cell 7okta.com cell 8okta.com cell 9okta.com cell 11

Update timeline

  1. resolved Oct 03, 2024, 10:38 PM UTC

    At 12:52 PM PDT on October 10, 2024, the Engineering team became aware of a provisioning setup issue with Office365 affecting customers on all cells. SSO and federation services are not impacted. The Engineering team is investigating the root cause to mitigate the issue. We’ll provide an update in 30 minutes, or sooner if additional information becomes available.

  2. resolved Oct 10, 2024, 09:00 PM UTC

    The Engineering team has confirmed that only the provisioning setup is impacted and is still investigating the root cause to mitigate the issue. We'll provide an update in 30 minutes or sooner if additional information becomes available.

  3. resolved Oct 10, 2024, 09:39 PM UTC

    The Engineering team has confirmed that only the provisioning setup is impacted and is still investigating the root cause to mitigate the issue. We'll provide an update in 30 minutes or sooner if additional information becomes available.

  4. resolved Oct 10, 2024, 10:14 PM UTC

    Okta customers attempting to setup an Office 365 provisioning integration may run into issues due to Microsoft configurations requiring MFA for admin service accounts. Administrators should review their Microsoft configurations if they face an error when validating the API integration. Customers should follow the guidance outlined in our documentation: https://help.okta.com/en-us/content/topics/apps/office365-deployment/provision-users.htm#1 The following KB article is available with details on how to ensure the configuration is correct: https://support.okta.com/help/s/article/how-to-check-for-mfa-enforcement-in-entra?language=en_US

  5. resolved Oct 21, 2024, 05:20 PM UTC

    Timing: Incident start: October 3, 2024, at 6:38 PM PDT Incident resolved: October 10, 2024, at 3:22 PM PDT Detection: Customers began reporting that they were unable to save their Office 365 application in Okta when “User Sync” or “Universal Sync” was selected for provisioning. Impact: Customers would receive a 400 error when attempting to save an Office 365 application after completing the Microsoft consent page. Root Cause: Okta Engineering has confirmed that impacted customers had Microsoft Entra conditional access policy enforcing MFA for the service account used by Okta’s provisioning service. Accounts used for provisioning must not have MFA or require any manual intervention. Remediation Steps: Okta Customer Support advised customers to exclude the service account from the conditional access policy. Once the service account was excluded, the provisioning service began functioning as expected, allowing the customer to save the Office 365 app in Okta without encountering the HTTP 400 error. Guidance is provided in Okta’s Office 365 Provisioning documentation: https://help.okta.com/en-us/content/topics/apps/office365-deployment/provision-users.htm#1 Steps for explicitly checking for MFA enforcement can be found here: https://support.okta.com/help/s/article/how-to-check-for-mfa-enforcement-in-entra?language=en_US