Deploying o365 with Okta


Deploying a tenant with Okta provisioning and a federated domain and think I'm missing a key detail. Our main domain (x.com) was federated with Okta in order to get user names and email addresses provisioned respectively, e.g. jay@x.com. Since you cannot make a federated domain default, I'm wondering how people handle this. Usernames and emails come over properly formatted from Okta (jay@x.com); however, when team sites or groups are created the email address comes over as an @onmicrosoft.com email address and cannot be changed. Is it bad practice to have the default domain be the tenant domain of onmicrosoft.com? Would love advice on this topic from anyone using Okta in this manner.

Is it an issue if the domain is @<tenant>.onmicrosoft.com?
I think this is preferred as these are more functional, and don't clash with existing SMTP addresses. That being said, you can always add an additional SMTP address to the Group for the @domain.com to get to it as well.

Okay, thanks, and that's good news. Is it possible to set secondary SMTP addresses for every account created in the tenant? In Google you can simply alias them.

You can add additional domains to Office 365, and then once these domains are verified you can assign them to recipients (users, groups, etc.), but there is no email address policy concept in Exchange Online (unlike on-premises) to automate all users with the new address. You can use PowerShell to add addresses in bulk, or maybe the provisioning system in Okta will do it for you. For my clients with Okta we do provisioning via AADConnect and just use Okta for auth.


For groups in O365 you can set up an email address policy to automatically set them with your non-federated custom domain. You cannot use the federated domain, as this requires that the object is mastered on-premises, and for O365 groups this is not the case as they are cloud-only objects.


For clarification on the above: in hybrid mode, manage the on-premises objects via Exchange Server on-premises and use an email address policy there to set all the email addressing rules you need. For cloud-mastered objects like O365 groups, use the cloud EAP, as that will manage their email addressing.
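The two mechanisms described in this thread (bulk-adding a secondary SMTP address to every mailbox with PowerShell, and a cloud email address policy for Microsoft 365 Groups) put together as an added example; this is not code from the thread or from Microsoft. It assumes the ExchangeOnlineManagement module, an account with Exchange Administrator rights, and an already-verified non-federated domain, for which groups.example.com is a placeholder.

```powershell
# Added example: stamp an additional verified, non-federated domain onto
# existing recipients and onto future Microsoft 365 Groups.
# ASSUMPTION: 'groups.example.com' is a placeholder for a domain already
# verified in the tenant; it is not taken from the thread.
$CustomDomain = 'groups.example.com'

Connect-ExchangeOnline

# 1) Users: add alias@CustomDomain as a *secondary* address (lowercase
#    "smtp:"). The primary address (uppercase "SMTP:") is left untouched so the
#    Okta-provisioned jay@x.com primary SMTP / UPN keeps matching.
$mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox
foreach ($mbx in $mailboxes) {
    $alias = '{0}@{1}' -f $mbx.Alias, $CustomDomain
    $already = [string[]]$mbx.EmailAddresses |
        Where-Object { $_ -ieq "smtp:$alias" }
    if ($already) {
        Write-Verbose "$($mbx.UserPrincipalName): $alias already present, skipping"
        continue
    }
    Set-Mailbox -Identity $mbx.Identity -EmailAddresses @{ Add = "smtp:$alias" }
    Write-Host "$($mbx.UserPrincipalName): added smtp:$alias"
}

# 2) Microsoft 365 Groups: a cloud email address policy (the "cloud EAP" above)
#    makes the custom domain the primary address of groups created from now on.
#    Exchange Online does not retro-apply the policy, so existing groups get the
#    address added explicitly as an additional (secondary) SMTP address.
New-EmailAddressPolicy -Name 'M365 Groups custom domain' `
    -IncludeUnifiedGroupRecipients `
    -EnabledEmailAddressTemplates "SMTP:@$CustomDomain" `
    -Priority 1

Get-UnifiedGroup -ResultSize Unlimited | ForEach-Object {
    $addr = '{0}@{1}' -f $_.Alias, $CustomDomain
    $present = [string[]]$_.EmailAddresses | Where-Object { $_ -ieq "smtp:$addr" }
    if (-not $present) {
        Set-UnifiedGroup -Identity $_.Identity -EmailAddresses @{ Add = "smtp:$addr" }
        Write-Host "$($_.DisplayName): added smtp:$addr"
    }
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it first against a filtered Get-Mailbox / Get-UnifiedGroup result for a handful of pilot recipients, since the script changes proxy addresses tenant-wide.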