We were using Azure AD Connect for SSO for 365 and were syncing our AD account password hashes to Azure. We are using DEM Enterprise. Horizon 8.4 / 2111
Today we disabled SSO in Azure AD Connect and stopped password hash sync and configured OKTA to handle SSO for 365. Users on physical desktops and standalone VMs are working as expected; however, all of our users on instant clone VMs are getting prompted to sign in to Office applications on every login. We are not using ADFS.
Instant clone VMs are Windows 10 1909 with the 64-bit version of Office 365.
Master image has Office installed with the following config.
<Display Level="None" AcceptEULA="True" />
<Property Name="SharedComputerLicensing" Value="1" />
Does anyone know what we are missing and why Office does not activate when OKTA is the SSO provider?
OKTA SSO was configured using this KB https://help.okta.com/en/prod/Content/Topics/Apps/Office365-Deployment/configure-sso.htm
Is there something we need to add to the DEM config for the user or computer side?
That may be it. Silent Activation was not enabled on my Okta tenant; apparently this feature is still private and has to be requested by a customer to be enabled by Okta support.
@nettech1, in normal circumstances ADAL (WS-Federation) should take care of standalone systems. Does Office 365 work fine when accessed via a browser on standalone systems?