Alex Taylor Internet enthusiast

Okta – Day 4 – Integrating Okta with Active Directory-Mastered Users


Okta Basics Curriculum: Integrate Okta with Active Directory-Mastered Users

For folks brand new to identity, some background research will be needed at this point – you’re going to need to understand the basics of Active Directory and how it works.

Active Directory is Microsoft's directory service: a database of objects (users, groups, computers and other devices) that also authenticates those objects and enforces security policy for them. A domain is a set of objects that share one directory database and one set of security policies; a group of domains sharing a contiguous namespace is a tree, and a group of trees sharing a common schema is a forest.

Active Directory is a huge, hulking beast of a topic and there's plenty that I don't even know about it. I'll eventually write a separate series about AD as I level up my skills on that side of things. For now, just know that Active Directory is a directory service, and we're going to import users from AD into Okta.

The key difference between directory-mastered users and Okta-mastered users is where the credential lives. A directory-mastered user's password is stored in Active Directory, so Okta delegates the login to AD through the agent, and the password policy that applies (length, complexity, expiry, lockout) is the one the directory administrator maintains, not Okta's. Generally, these users can't use Okta to change their directory password, although Okta super admins do have some power to enable that.

Okta manages the Active Directory integration with an agent that you download and install on a domain-joined Windows Server (a member server is the usual choice rather than a domain controller). The agent wizard does most of the work: you provide the domain service account the agent will run as, your Okta org URL, and an Okta admin login used once to register the agent, and the wizard handles the registration and the API token the agent uses from then on. The agent only makes outbound HTTPS connections to your Okta org, so nothing inbound needs to be opened. Give that service account read access to the OUs you plan to import and nothing more; it does not need Domain Admin.

Once the agent installation and setup is complete, you’ll be prompted to select which Organizational Units you want to import into Okta, and then you’ll be prompted to select which attributes from AD you want to include in your Okta User Profiles.

Once all of the above is complete, the integration is essentially done. From here you can begin importing users from Active Directory and building out their identity profiles in Okta, and you have three ways to do it: run a manual import and confirm and activate the imported users yourself (Okta matches each one against existing Okta users before you confirm); implement Just In Time provisioning, which creates and activates a directory-mastered account the first time the person logs into Okta with their AD credentials; or set up scheduled imports that run on an interval.
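Before running the wizard and picking OUs, I like to confirm the prerequisites from the server itself. The script below is an added example, not Okta's tooling or anything from the original post. It assumes the agent host has the ActiveDirectory RSAT module installed, that you pass your org hostname (for example `example.okta.com`) and the OU distinguished names you intend to select, and that the agent's service account is called `OktaService` (Okta's default name; change it if you used your own). It checks that the host is domain-joined, that outbound TCP/443 to the org works, that the service account is not in a privileged group, and previews each OU: enabled user count plus any users missing a UPN or mail, which is what the default Okta username and email mapping relies on.

```powershell
# Pre-flight check for an Okta AD agent install (example code, not Okta's own).
# Assumptions: domain-joined host, ActiveDirectory module present, values below supplied by you.
param(
    [Parameter(Mandatory)] [string] $OktaOrgHost,   # e.g. example.okta.com (placeholder)
    [string] $ServiceAccount = 'OktaService',       # account the agent runs as (Okta's default name)
    [string[]] $OUsToImport = @()                    # DNs of the OUs you plan to select in the wizard
)

Import-Module ActiveDirectory -ErrorAction Stop

# 1. The agent must run on a domain-joined machine.
$cs = Get-CimInstance Win32_ComputerSystem
if (-not $cs.PartOfDomain) { throw "Host $($cs.Name) is not domain-joined." }
Write-Host "Domain: $($cs.Domain)"

# 2. The agent only needs outbound HTTPS to your Okta org; nothing inbound.
$net = Test-NetConnection -ComputerName $OktaOrgHost -Port 443 -WarningAction SilentlyContinue
if (-not $net.TcpTestSucceeded) { throw "No outbound TCP/443 path to $OktaOrgHost" }
Write-Host "Outbound 443 to $OktaOrgHost OK"

# 3. Least privilege: the service account should be a plain domain user with read
#    access to the selected OUs, not a member of any privileged group.
$svc = Get-ADUser -Identity $ServiceAccount -Properties MemberOf, PasswordNeverExpires
$privileged = @('Domain Admins', 'Enterprise Admins', 'Administrators', 'Account Operators', 'Schema Admins')
$bad = @($svc.MemberOf | ForEach-Object { (Get-ADGroup -Identity $_).Name } | Where-Object { $privileged -contains $_ })
if ($bad.Count -gt 0) {
    Write-Warning "$ServiceAccount is in privileged group(s): $($bad -join ', ')"
} else {
    Write-Host "$ServiceAccount holds no privileged group membership"
}
if (-not $svc.PasswordNeverExpires) {
    Write-Warning "$ServiceAccount password expires; the agent will stop authenticating when it does"
}

# 4. Preview what each OU would import, and flag users the default
#    username (UPN) and email (mail) mapping cannot handle.
foreach ($dn in $OUsToImport) {
    $users = @(Get-ADUser -SearchBase $dn -SearchScope Subtree -Filter 'Enabled -eq $true' `
                          -Properties mail, userPrincipalName)
    $missing = @($users | Where-Object { -not $_.userPrincipalName -or -not $_.mail })
    "{0}: {1} enabled users, {2} missing UPN or mail" -f $dn, $users.Count, $missing.Count
    $missing | Select-Object SamAccountName, userPrincipalName, mail | Format-Table -AutoSize
}
```

Run it on the server you are about to install the agent on, for example `.\okta-ad-preflight.ps1 -OktaOrgHost example.okta.com -OUsToImport 'OU=Staff,DC=example,DC=com'`. Anyone listed in the missing-attributes table will either fail to import cleanly or land in Okta with a login that doesn't match what they type, so fix those in AD before the first import rather than after.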

That wraps things up for today. Tomorrow we'll learn about importing LDAP-mastered users.

About the author

By alexntaylor

Privacy advocate
Process developer
Product manager

Experience in information security, customer success, compliance and privacy, risk management, identity and access, and service deployment. Former teacher. Always learning.

We should hang out.