Azure, Exchange Online, Identity, Okta, Powershell

Setting up Okta User -> Office 365 contact synchronisation

2 Comments

Okta natively does not allow you to sync users to Office 365 contacts; they either exist as users in Office 365, or they don’t exist at all.

In hybrid scenarios where you are doing a staged migration to Office 365, or where you simply manage your contacts in Okta, you may want to populate the Global Address List in Office 365 with your Okta users.

I’ve written a simple solution for this, you will require:

  1. Okta Admin Access (to obtain a token)
  2. Office 365 credentials (to write / modify Contacts)
  3. An Azure Subscription (for automation)

The solution will sync your users in Okta to Office 365, take note of the following:

  1. It only syncs if the user isn’t already synced by AADConnect
  2. It only syncs users with both a first and lastname and valid email address
  3. It will update/sync the following fields:
    1. Email
    2. Firstname
    3. Lastname
    4. Address
    5. Country
    6. DisplayName
    7. Zip Code
    8. City
    9. Department
    10. Title

1. Retrieve an Okta API token

Save the value you are provided, you will need it later.

2. Find your Okta API URL

The section marked in red contains your company name, use that to create an URL such as this:

https://lieben.okta.com

here, ‘lieben’ is my company name, insert yours there. Save this URL, you’ll need it later, do not use a trailing /.

3. Go to portal.azure.com, log in and create an automation account (default) or select your existing automation account

4. Import my script as a runbook into your Automation Account

Alternatively, you can get the source from GitLab

5. Create a credential asset in your automation account with your Office 365 credentials for the script to use6. Create another credential asset, this one with your OKTA TOKEN, fill in the OKTA token as password, you can leave the username empty.

7. Under runbooks, navigate to the imported runbook and click on it, then click edit -> publish to allow scheduling of the runbook.

8. Now that it is published, you’ll be able to schedule it with the parameters you’ve defined in the previous steps:

I don’t recommend running it more than once a day. If there are issues, you’ll be able to find them under the Jobs section of your automation account.

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

2 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Rajiv
Rajiv
5 years ago

We have Exchange 2013 hybrid environment with Azure AD connect and Okta for SSO. Now we want to move all our servers to AWS once the migration complete including Exchange hybrid server, Azure AD Connect and OKTA from On-Premises. What are the steps we need to follow to move Azure ADConnect.

0
Reply
View Replies (1)