switching identity providers

Ronald Soulliard 6 Reputation points


We use an external identity provider (Okta) to provision accounts to Azure. We are moving to a new one. The verified domain is staying the same. My questions are: 1. What happens to the accounts in Azure when we break the sync from Okta? 2. When the new identity provider is connected to Azure, does it create duplicate accounts or are they automatically linked to the existing accounts. 3. Some of the accounts have been granted guest access in other Azure tenants, will they still have access after the change?


Ron Soulliard

Senior IT Engineer

Commure, Inc

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
17,586 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Sandeep G-MSFT 11,331 Reputation points Microsoft Employee

    @Ronald Soulliard

    As I understand currently you are using OKTA as identity provider to sync users and their attributes to Azure AD.

    And you want to integrate your new IDP with Azure AD for your custom domain.

    IDP is used for user authentications. And your question is regarding users getting provisioned using new IDP. To sync users to Azure AD you need to use the Sync tool.

    Once you disconnect OKTA, it will break the link between users and OKTA in Azure AD. However, while installing new sync tool, the users should get soft matched and there should not be any duplicate accounts created.

    When you switch the Identity Providers, there is a change only in the authentication authority.

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments