Delegated authentication with Active Directory

When Okta is integrated with an Active Directory (AD) instance, delegated authentication is enabled by default. (Active Directory is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services; initially it was only in charge of centralized domain management.) With delegated authentication, this is what happens when users sign in to Okta:

To provide high availability and failover protection, install two or more Okta AD agents on separate servers in each domain. If an Okta AD agent stops running or loses network connectivity, authentication requests are automatically routed to the other Okta AD agents.

Delegated authentication keeps your directory-authenticated (DelAuth) sessions persistent, while AD remains the immediate and ultimate source for credential validation. Because AD is responsible for authenticating users, changes to a user's status (such as password changes or deactivations) are immediately pushed to Okta.
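The two properties described above, failover between agents and AD remaining the only place credentials are checked, can be seen in a small model. The following is an added illustration, not Okta's own code: it simplifies the real deployment (where the agents poll Okta for pending requests) into a dispatcher that tries each agent in turn, and the agent names, the user record and the health states are all constructed for the example.

```python
"""Simplified model of delegated authentication (DelAuth) across Okta AD agents.

Added illustration, not Okta's implementation. Agent names, the directory
contents and the health states below are constructed for the example.
"""
from dataclasses import dataclass, field


@dataclass
class DirectoryUser:
    password: str
    enabled: bool = True


@dataclass
class ActiveDirectory:
    """Stand-in for the domain controller: the only place credentials are validated."""
    users: dict = field(default_factory=dict)

    def validate(self, username, password):
        user = self.users.get(username)
        # A disabled account is denied on the very next request; nothing is cached upstream.
        return user is not None and user.enabled and user.password == password


@dataclass
class ADAgent:
    name: str
    directory: ActiveDirectory
    healthy: bool = True  # False simulates a stopped service or lost connectivity

    def authenticate(self, username, password):
        if not self.healthy:
            raise ConnectionError(f"{self.name} unreachable")
        return self.directory.validate(username, password)


class DelegatedAuth:
    """Routes a sign-in to the first reachable agent; the agent defers to AD."""

    def __init__(self, agents):
        self.agents = list(agents)
        self.log = []

    def sign_in(self, username, password):
        for agent in self.agents:
            try:
                ok = agent.authenticate(username, password)
            except ConnectionError as exc:
                self.log.append(f"failover: {exc}")
                continue
            self.log.append(f"{agent.name}: {'allow' if ok else 'deny'} {username}")
            return ok
        self.log.append("no agent available")
        return None  # 'could not validate' is distinct from 'denied'


def demo():
    """Walk through failover, deactivation and total agent loss; returns (results, log)."""
    ad = ActiveDirectory({"alice": DirectoryUser("correct horse")})  # constructed user
    primary = ADAgent("agent-dc01", ad)     # constructed agent names
    secondary = ADAgent("agent-dc02", ad)
    okta = DelegatedAuth([primary, secondary])
    results = {}
    results["normal"] = okta.sign_in("alice", "correct horse")       # allowed via agent-dc01
    primary.healthy = False                                           # agent service stops
    results["failover"] = okta.sign_in("alice", "correct horse")     # allowed via agent-dc02
    ad.users["alice"].enabled = False                                 # deactivated in AD
    results["deactivated"] = okta.sign_in("alice", "correct horse")  # denied immediately
    secondary.healthy = False                                         # last agent lost
    results["all_down"] = okta.sign_in("alice", "correct horse")     # cannot validate at all
    return results, okta.log


if __name__ == "__main__":
    res, log = demo()
    print(res)
    print("\n".join(log))
```

The last step is the failure mode the recommendation of two or more agents per domain guards against: with every agent down, Okta has no way to reach AD and the sign-in cannot be validated at all, which is why agents belong on separate servers.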


Related topics

Import Active Directory users
