Okta Org2Org supported features

This table lists the features and functionality available with an Okta Org2Org integration.

  • Okta can't source users by Org2Org and Active Directory (AD) at the same time.
  • Push password updates don't apply to users with the Federated provider type.
  • The Org2Org integration isn't available in Okta Developer Edition orgs. If you need to test this feature in your Developer Edition org, contact your Okta account team.

Feature

Description

Import new users

Users created in the connected org can be imported into Okta.

Import profile updates

Updates made to a user's profile in the connected org are downloaded and applied to the Okta user profile.

Import user schema

Imports more user attributes from the connected org. This is also known as schema discovery.

Push new users

Users created in Okta are also created in the connected org.

Push password updates

User password updates made in Okta are pushed to the connected org.

This doesn't apply to federated users (for example, users from an external IdP in the source org or users provisioned through JIT).

Push profile updates

Updates made to the Okta user profile are pushed to the connected org.

Push User Deactivation

Deactivating a user or disabling app access in Okta removes all user data and the user account in the connected org. When a user is suspended, their data isn't removed and they can't access the app.

Reactivate users

User accounts can be reactivated in the connected org.

When a user account is suspended in the downstream org (hub), and deactivated in the upstream org (spoke), a reactivate user action in the spoke results in the user being reactivated in both spoke and hub.

Push groups

Groups and their members can be pushed to the connected org. See Group Push.

Profile sourcing

Makes the connected org the profile source.