See Microsoft doc: Delegating Authority to Modify SPNs.Ĭreate a password that is a minimum of 14 characters, and check the Password never expires box. Additionally, admin permissions are not required for the service account, but specific permissions are needed to set the SPN.
The service account username plus domain name must be 16 characters at minimum. This procedure includes the following main steps: When using ADSSO or Office 365 Silent Activation, Okta recommends using AES 128-bit (AES-128) or AES 256-bit (AES-256) encryption. RC4_HMAC_MD5 encryption is not supported with AD Single Sign-On and Office 365 Silent Activation.