Can you map the Okta user ID as an Office 365 Immutable ID?
Solution: Not possible and not intended to be possible as it cannot work like this
Can you include / exclude users from specific Network Zones defined in Okta from both Sign On and Password policies?
Solution: You can do this with both policy types mentioned
Whenever you make an API call, you will then get back:
Solution: Response headers
What does it mean: "Mapping Direction AD to Okta"?
Solution: Indicates a schema of attribute values flowing Okta towards AD
With Okta you federate the 'Office 365 tenant name' (which is the default Microsoft domain you have) or the 'Office 365 domain'?
Solution: You federate with Okta only the 'Office 365 domain'
When you are trying to federate (via WS-FED) Office 365 with Okta:
Solution: You can choose between SAML 2.0 or OIDC for the current integration
Speaking of Okta Template App and Okta Pluin Template App, which of the following RegEx can you create for an allow list of URLS so that both endpoints for /login or /change_password are accepted under example.com domain?
Solution: https://example.com/(login|change_password)
Which is a / are best-practice(s) in a SAML 2.0 situation?
Solution: To not use SAML 2.0 and Provisioning via the same App instance in Okta, but integrate the same SP custom domain via two different app instances in Okta, one for SSO, via SAML 2.0 in this case, and one for provisioning on users
In order for SAML to work, there is a need of an IDP and an SP and we know that already, but why is it so? Because:
Solution: An SP sends SAML assertions, while the IDP receives and validates them
As an Okta best-practice / recommendation: Okta encourages you to switch from Integrated Windows Authentication (IWA or DSSO) to agentless Desktop Single Sign-on (ADSSO). Okta is no longer adding new IWA functionality and offers only limited support and bug fixes.
Solution: Only the second statement is true
TESTED 16 Oct 2025