Share via

Microsoft outlook classic has OKTA authentication pop up, how to bypass from 365 admin?

Soe Thet Oo Adm 0 Reputation points
2026-03-10T03:43:47.81+00:00

User's image

Outlook | Windows | Classic Outlook for Windows | For business

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vergil-V 12,200 Reputation points Microsoft External Staff Moderator
    2026-03-10T05:10:25.65+00:00

    Hi @Soe Thet Oo Adm 

    Thank you for contacting the Microsoft Q&A forum.     

    To provide accurate guidance, could you clarify what you mean by “bypass”? 

    Are you trying to avoid using Okta for single sign‑on entirely, or are you referring specifically to skipping the MFA step while still using Okta? 

    For the first scenario, you can follow the guidance shared earlier by the Q&A Assist response, which provides the correct steps for changing the authentication method. 

    For the second scenario, you may refer to the Okta documentation below. These articles explain how to bypass MFA for a specific group of users and how to configure the Office 365 app sign‑on policy: 

    This information is provided as a convenience to you. These sites are not controlled by Microsoft, and Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please ensure that you fully understand the risks before using any suggestions from the above link.  

    Based on the documentation and your situation, MFA bypass is handled entirely within the Okta system.  It is important to highlight that this configuration cannot be done from the Microsoft 365 Admin Center.  All bypass actions, rules, and policies must be created and managed directly in Okta. 

    I hope this helps bring more clarity to your situation.  If you have any updates after reviewing this information, please feel free to share. 

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".         

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  2. Q&A Assist
    2026-03-10T03:44:01.4833333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To bypass Okta and have Outlook Classic authenticate directly with Microsoft 365, the domain must be moved from federated (Okta) authentication to managed (Microsoft Entra ID) authentication. This is done in Microsoft 365/Entra, not from the Outlook client.

    High‑level steps (tenant‑wide change):

    1. Open an elevated PowerShell session on an admin workstation.
    2. Install and load Microsoft Graph PowerShell if not already present: 
         Install-Module Microsoft.Graph
    3. Connect to Microsoft Entra ID with a Hybrid Identity Administrator (or equivalent) account: 
         Connect-MgGraph -Scopes "Domain.ReadWrite.All", "Directory.AccessAsUser.All"
    4. Convert the federated domain (currently using Okta) to managed authentication: 
         Update-MgDomain -DomainId yourdomain.com -AuthenticationType "Managed"
      Replace yourdomain.com with the actual Microsoft 365 domain used for user UPNs/email.
    5. Verify that the domain is now managed: 
         Get-MgDomain -DomainId yourdomain.com
      Confirm that the AuthenticationType is Managed.

    Once the domain is set to managed, users signing into Outlook Classic (and other Microsoft 365 apps) will be directed to Microsoft Entra ID sign‑in instead of the Okta page. Okta will no longer be used as the federation provider for that domain.

    This is a tenant‑level change and affects all sign‑ins for that domain, so it should be planned, communicated, and tested according to the organization’s identity strategy.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.