Prepare Active Directory for the integration

Before you begin your Active Directory (AD) integration, select the AD attributes that you want to synchronize with Okta or your downstream applications, and make sure that your organization is using those attributes for their intended purpose. If you are mapping the same data from two or more domains into one, make sure the data is consistent. If your domains share an attribute but use it for different values, merging the attribute into Okta can create a problem.

For example, a custom attribute "Attribute 1" is used in Domain A to store users' employee badge numbers, and in Domain B it's used to store the last four digits of their corporate credit card. When Domain A and Domain B users are mapped into Okta, Attribute 1 is mapped as a single attribute in Okta. However, depending on the user referenced, the attribute value refers to two different data types. To avoid a similar issue:

  • Make sure that the attribute values are consistent across different domains.
  • Create different attribute mappings between Okta and each of your AD domains. Okta recommends that you make your attribute values consistent at a later date.
  • Take advantage of attribute sourcing. See Designate profile sources for user attributes.
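
One way to check the first point before mapping, as an added example that is not Okta's code: compare the format of a shared attribute's values across domains and flag pairs that diverge. It assumes each domain's values were already exported to a per-user dictionary; the sample data, the function names and the 0.5 threshold are constructed for illustration.

```python
from collections import Counter
from itertools import combinations, groupby

# Constructed sample exports, one per domain: {username: value of "Attribute 1"}.
SAMPLE_EXPORTS = {
    "Domain A": {"asmith": "B-10482", "bjones": "B-10977", "clee": "B-20013"},
    "Domain B": {"dkhan": "4417", "eortiz": "9032", "fwu": "1186"},
    "Domain C": {"gpark": "B-30551", "hdiaz": "B-30552", "ivega": ""},
}

def shape(value):
    """Reduce a value to its format: digit -> 9, letter -> A, with run lengths."""
    classes = ("9" if c.isdigit() else "A" if c.isalpha() else c
               for c in value.strip())
    return "".join(f"{k}{{{len(list(g))}}}" for k, g in groupby(classes))

def profile(values):
    """Count the value shapes seen in one domain, skipping empty values."""
    return Counter(shape(v) for v in values if v and v.strip())

def overlap(a, b):
    """Share of the two shape distributions that coincides (0.0 to 1.0)."""
    total_a, total_b = sum(a.values()), sum(b.values())
    if not total_a or not total_b:
        return None  # attribute unpopulated in one domain: nothing to compare
    return sum(min(a[s] / total_a, b[s] / total_b) for s in a.keys() & b.keys())

def find_conflicts(exports, threshold=0.5):
    """Return (domain, domain, overlap) for pairs whose formats diverge."""
    profiles = {d: profile(users.values()) for d, users in exports.items()}
    conflicts = []
    for d1, d2 in combinations(sorted(profiles), 2):
        score = overlap(profiles[d1], profiles[d2])
        if score is not None and score < threshold:
            conflicts.append((d1, d2, round(score, 2)))
    return conflicts

if __name__ == "__main__":
    for d1, d2, score in find_conflicts(SAMPLE_EXPORTS):
        print(f"'Attribute 1' differs between {d1} and {d2} (overlap {score})")
```

Matching formats do not prove matching meaning, so a pair that passes still needs a manual check of what the attribute stores in each domain.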