Differences in attribute support for Basic vs Token-Based Authentication

CyberArk's Office 365 app template for SSO and provisioning supports both basic and token-based authentication (TBA) for provisioning users and groups. Microsoft will end support for basic authentication in the second half of 2022.

The Microsoft Graph API's supprt for user and group attributes varies depending on whether you use basic authentication or TBA. Some attributes are not supported in TBA but are supported in basic authentication when you migrate from basic Authentication to TBA.

Microsoft recommends migrating to TBA for reasons mentioned in https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online; however, we continue to support basic authentication for provisioning users. There will be no impact on your existing deployment if you do not migrate to TBA. This migration guide includes the steps required to migrate your Office 365 integration with CyberArk Identity, and to provide additional context to set expectations. General questions about Microsoft's support for TBA should be directed to Microsoft support.

Migrating from basic authentication to TBA includes the following limitations.

 

The upcoming releases will include the updated scope of limitations associated with migration.