Error "Invalid username or password" when activating Office 365 securlets

book

Article ID: 171265

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced Data Loss Prevention Cloud Package

Issue/Introduction

The customer is trying to activate Office 365 with the options: Mail, OneDrive, and Sites using ADFS SSO Global Admin Account has caused Error "Invalid username or password"

Resolution

Using ADFS SSO for CloudSOC login is supported and on the Office 365 side, it is supported for Mail, OneDrive and admin activities.  However, when Sites option is enabled, the import of top level sites uses a special Microsoft API and requires a non-ADFS SSO Global Admin account. This is for one time use only where subsequent retrieval of additional top level sites is done through the Management API and the document exposures and content inspection of files/folders in the top level sites and subsites is done through the sharepoint API, both of which are supported.
The solution is to use a special non-SSO Global Admin account just at the time of activation for importing the sites.  Afterwards, this account can be disabled.