Install and Configure the Okta Active Directory Agent

Okta Active Directory (AD) integration allows you to integrate Okta with your on-premises AD. AD integration provides delegated authentication support (allowing users to sign in to Okta with their AD credentials), user provisioning and de-provisioning, and the ability to import users and AD groups.

In Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users", we are generally referring to the people whom the administrators serve, that is, those who use Okta chiclets to access their apps but have no administrative control. Groups allow you to organize your end users and the apps they can access; assigning apps to large sets of end users is made easier with groups.

To enable AD integration, you must install the Okta AD agent. A software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations.

Before installing the agent, you must create a special administrative user whose password is Okta-specific and not tied to AD. Once you integrate AD, users that you deactivate in AD are also deactivated in Okta, and their assignment is broken. If you later reactivate such a user, the user is re-imported into the initial unassigned state.

AD integrations in a newly created organization automatically have the following default settings enabled:

  • Delegated authentication
  • Just-in-Time (JIT) provisioning
  • The import schedule set to never
  • Profile mastering