Password synchronization use cases
The following table lists password synchronization use cases for Active Directory (AD) and indicates which settings and components are required for their implementation.
Use case | Enable DelAuth in Okta AD settings | Install Password Sync Agent† | Enable Sync Password in Okta AD settings | Enable Sync Password in app‡ |
---|---|---|---|---|
Allow users to use their AD credentials to sign in to Okta and optionally push AD passwords to provisioning-enabled apps | ● | ● | ||
Allow users to use Desktop Single Sign-on (DSSO) to access Okta or push AD passwords to provisioning-enabled apps | ● | ● | ● | |
Sync an Okta user's password to an AD user profile | ● | |||
Sync Okta passwords to AD and push passwords to provisioning-enabled apps | ● | ● |
† The Okta AD Password Sync Agent must be installed and configured on every domain controller in each domain in your forest. The Okta username format must be either User Principal Name (UPN) or Security Account Manager (SAM) name.
‡ This option is available only in the provisioning settings of eligible Secure Web Authentication (SWA) apps.
Related topics
Enable delegated authentication for LDAP
Configure Active Directory provisioning settings