Disconnect user from Active Directory

You can disconnect users who were imported from Active Directory (AD) so that they become native Okta users. This is helpful when it is necessary to directly edit user fields such as an email address or to prevent updates from being automatically synced from AD.

To do this, perform the following steps:

  1. From your Administrator Dashboard, select People.
  2. Click the Disconnect from Active Directory button, select the users you want to disconnect, then click the Disconnect Selected button. To disconnect all users from AD, click the Disconnect All button.
  3. In the Disconnect user from Active Directory dialog, decide if you'd like to reset the disconnected users' passwords and then click Disconnect People. If you don't reset passwords, the users are locked out of Okta and are unable to sign into Okta with their AD credentials.

To switch users back to being AD mastered, reimport them to link their Okta accounts to their AD accounts.