Add a certificate to an Active Directory connection

End of sale announcement

Effective May 1, 2026, Okta will no longer sell or renew Advanced Server Access. Existing customers must migrate to Okta Privileged Access within one year of their next scheduled renewal date to maintain service.

Read the FAQ and learn more about Okta Privileged Access.

Adding a certificate allows connections to an Active Directory (AD) server without a password. Users must still sign in to their Okta account before connecting to a server.

  1. Open the Advanced Server Access dashboard.
  2. In the side menu, click Connections.
  3. Identify an existing AD connection.
  4. Click gear icon > Edit. The Update Active Directory Connection window opens.
  5. In the Passwordless Authentication section, click Use an existing certificate.
  6. Select an existing certificate.
  7. Click Update.

Related topics