
M365 users imported without ImmutableID cannot access M365

This article explains what to do if M365 users lose access after domain federation during the Okta-M365 integration process. The cause of this problem is almost always that the users did not have an ImmutableID attribute configured prior to federation.

Part of the Okta-M365 Integration guide: Troubleshooting

Users trying to log in to M365 get the error message "Office 365 Login Failure" or are unable to access M365 in other ways.

Cause

M365 users who are imported to Okta without an ImmutableID attribute lose access to M365 apps after federation.

WARNING

Complete Step 1 before proceeding. If you skip it, the affected users will lose their M365 license when you remove their M365 assignment in Step 2.

Solution

  1. In Okta's Microsoft Office 365 integration app, open the Provisioning tab and temporarily disable Update Users and Deactivate Users.

  2. For each affected user, remove their M365 assignment:

    • If assigned individually — click the x to remove the M365 assignment from the user.

    • If assigned via a license-based group — remove the user from that group.

  3. Delete the user in Okta.

  4. In M365, use PowerShell to assign an ImmutableID to the user.

  5. In the Okta-M365 integration app, on the Provisioning tab, re-enable Update Users and Deactivate Users.

  6. Reimport the user to Okta and click Confirm Assignment — M365 will be automatically reassigned to the user as an individual assignment.
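One way to carry out step 4, as an added example that is not part of the original article: it uses the Microsoft Graph PowerShell SDK (Get-MgUser / Update-MgUser) and sets an ImmutableID only on accounts that have none, so an existing value is never overwritten. The UPNs are constructed placeholders, and generating the value as a base64-encoded random GUID is an assumption; substitute the value your environment requires.

```powershell
# Added example. Assumes the Microsoft.Graph.Users module is installed and the
# operator can consent to the User.ReadWrite.All scope.
# Constructed sample input: replace with the affected users' UPNs.
$affectedUpns = @('user1@example.com', 'user2@example.com')

function New-ImmutableIdValue {
    # Assumption: a random GUID, base64-encoded, is an acceptable value here.
    [Convert]::ToBase64String([guid]::NewGuid().ToByteArray())
}

Connect-MgGraph -Scopes 'User.ReadWrite.All'

$props = 'id,userPrincipalName,onPremisesImmutableId'
$results = foreach ($upn in $affectedUpns) {
    $user = Get-MgUser -UserId $upn -Property $props -ErrorAction SilentlyContinue
    if (-not $user) {
        [pscustomobject]@{ UPN = $upn; Action = 'NotFound'; ImmutableId = $null }
        continue
    }
    if ($user.OnPremisesImmutableId) {
        # Already set: leave it alone and report the existing value.
        [pscustomobject]@{ UPN = $upn; Action = 'Skipped'
                           ImmutableId = $user.OnPremisesImmutableId }
        continue
    }

    $newId = New-ImmutableIdValue
    Update-MgUser -UserId $user.Id -OnPremisesImmutableId $newId

    # Read the attribute back so the report shows what the directory now holds.
    $check = Get-MgUser -UserId $user.Id -Property $props
    $action = if ($check.OnPremisesImmutableId -eq $newId) { 'Set' } else { 'VerifyFailed' }
    [pscustomobject]@{ UPN = $upn; Action = $action
                       ImmutableId = $check.OnPremisesImmutableId }
}

# Anything other than Set or Skipped should be resolved before step 6.
$results | Format-Table -AutoSize
Disconnect-MgGraph | Out-Null
```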


Still having trouble? Contact ZeroTek Support at support@zerotek.com and our team will be happy to help.
