Password synchronization use cases

The following table lists password synchronization use cases for Active Directory (AD) and indicates which settings and components are required for their implementation.

Use case | Enable DelAuth in Okta AD settings | Install Password Sync Agent | Enable Sync Password in Okta AD settings | Enable Sync Password in app
Allow users to use their AD credentials to sign in to Okta and optionally push AD passwords to provisioning-enabled apps
Allow users to use Desktop Single Sign-on (DSSO) to access Okta or push AD passwords to provisioning-enabled apps
Sync an Okta user's password to an AD user profile
Sync Okta passwords to AD and push passwords to provisioning-enabled apps

The Okta AD Password Sync Agent must be installed and configured on every domain controller in each domain in your forest. The Okta username format must be either User Principal Name (UPN) or Security Account Manager (SAM) name.

This option is available only in the provisioning settings of eligible Secure Web Authentication (SWA) apps.
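The note above requires the Password Sync Agent on every domain controller in each domain in the forest. The following is an added example, not Okta's own code, of one way to audit that coverage with the ActiveDirectory PowerShell module. The function name and the service display name are assumptions: the page does not give the agent's service name, so supply the name shown on a domain controller where the agent is already installed.

```powershell
# Added example: not Okta code. Requires the ActiveDirectory module (RSAT) and
# rights to query services on each domain controller over CIM/WinRM.
function Test-PasswordSyncAgentCoverage {
    [CmdletBinding()]
    param(
        # Assumption: display name of the agent's Windows service, copied from a
        # DC where the agent is installed. The page does not state this value.
        [Parameter(Mandatory)]
        [string]$ServiceDisplayName
    )

    Import-Module ActiveDirectory -ErrorAction Stop

    foreach ($domain in (Get-ADForest).Domains) {
        # -Server targets each domain in turn so child domains are covered too.
        foreach ($dc in (Get-ADDomainController -Filter * -Server $domain)) {
            $status = 'Missing'
            $state  = $null
            try {
                $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $dc.HostName -ErrorAction Stop |
                    Where-Object DisplayName -eq $ServiceDisplayName |
                    Select-Object -First 1
                if ($svc) {
                    $state  = $svc.State
                    $status = if ($svc.State -eq 'Running') { 'OK' } else { 'NotRunning' }
                }
            }
            catch {
                # An unreachable DC is reported, not skipped: coverage is unknown there.
                $status = 'Unreachable'
            }
            [pscustomobject]@{
                Domain           = $domain
                DomainController = $dc.HostName
                Status           = $status
                ServiceState     = $state
            }
        }
    }
}

# List only the domain controllers that need attention.
# '<agent-service-display-name>' is a placeholder; replace it before running.
Test-PasswordSyncAgentCoverage -ServiceDisplayName '<agent-service-display-name>' |
    Where-Object Status -ne 'OK' |
    Format-Table -AutoSize
```

Any row with a status of Missing, NotRunning or Unreachable marks a domain controller where a password change may not be captured by the agent.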

Related topics

Enable delegated authentication for LDAP

Configure Active Directory provisioning settings

Synchronize passwords from Active Directory to Okta

Configure provisioning for an app integration