Disconnect user from Active Directory

You can disconnect users who were imported from Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. (AD) so that they become native Okta users. This is helpful when it is necessary to directly edit user fields such as an email address or to prevent updates from being automatically synced from AD.

To do this, perform the following steps:

  1. From your Administrator Dashboard, select People.
  2. Click the Disconnect from Active Directory button, select the users you want to disconnect, then click the Disconnect Selected button. To disconnect all users from AD, click the Disconnect All button.
  3. In the Disconnect user from Active Directory dialog, decide if you'd like to reset the disconnected users' passwords and then click Disconnect People. If you don't reset passwords, the users are locked out of Okta and are unable to sign into Okta with their AD credentials.

To switch users back to being AD mastered, reimport them to link their Okta accounts to their AD accounts.