Make Active Directory the Profile Source

Profile sourcing is enabled by default when you install the Okta Active Directory (AD) Agent. Profile sourcing makes Active Directory (AD) the identity authority for connected users. When profile sourcing is enabled, you cannot edit user profiles in Okta and all changes are synchronized to Okta during provisioning events.

If you disable AD as the profile source, changes made in AD are not pushed to Okta. To push passwords to AD, you can enable Sync Password and disable Delegated authentication. Users are assigned an Okta password and subsequent password changes are pushed to AD.

Set the lifecycle settings to define what happens in Okta when a user is deactivated in AD. The user can be deactivated, suspended, or remain active in Okta. Only the highest priority profile source for an Okta user can deactivate or suspend that user. To verify the highest priority profile source, review About profile sourcing.

  1. In the Admin Console, go to Directory > Directory Integrations.
  2. Click Active Directory.
  3. Click the Provisioning tab and select To Okta in the Settings list.
  4. Scroll down to Profile & Lifecycle Sourcing and click Edit.
  5. Select the Allow Active Directory to source Okta users check box.
  6. Optional. Select an option for When a user is deactivated in the app:
    • Do Nothing: Prevents activity in the app from controlling the user life cycle. This still allows profile source control of attributes and mappings.
    • Deactivate Okta user: This default setting allows the user to be automatically deactivated when deactivated in the target app.
    • Suspend Okta user: This setting allows the user to be automatically suspended when deactivated in the target app.
  7. Optional. Select an option for When a user is reactivated in the app:
    • Reactivate suspended Okta users: Allows an admin to choose if a suspended Okta user should be reactivated when they have been reactivated in the app.
    • Reactivate deactivated Okta users: Allows an admin to choose if a deactivated Okta user should be reactivated when they have been reactivated in the app.
  8. Click Save.