Okta Active Directory agent variable definitions

This table lists the appSettings in the Active Directory (AD) agent configuration file:
C:\Program Files (x86)\Okta\Okta AD Agent\OktaAgentService.exe.config

Do not modify these settings unless you fully understand the repercussions of your changes.



BaseOktaURI URL for the org.
AgentToken Encrypted value for the API token that the agent uses for calling Okta.
AgentId Unique identifier for the agent, generated during installation.
AppId Unique identifier for the directory to which this agent belongs. The AppId forms part of the URL when you are on the directory integrations page for this instance. For example:


AgentName Human readable ID for the agent. By default, this is the hostname of the server on which the agent is installed. Changes to the value are reflected in the Okta AD Agent Manager but not in Okta.
ProxyURI The url:port for the proxy used by this agent, if any. If no value is given for this setting, then a proxy is not being used. Likewise, if there is a value that cannot be resolved as a valid URL, no value is given for this setting.
ProxyUsername If the proxy requires authentication, the username is used. By default, no value is given for this setting (none required).
ProxyPassword If the proxy requires authentication, the encrypted value for the password is used. By default, no value is given for this setting(none required).
PollingThreads The number of concurrent polling requests (between 1 and 10) running between the agent and Okta. A number outside this range sets the number of threads at the minimum or maximum (whichever boundary is exceeded). The default value is 2.
VerboseLogging The value is either True or False. True ensures that the log contains more information (mostly in the user provisioning flow). The default value is False.
ConnectionLimit The value for system.net.servicepointmanager.defaultconnectionlimit. The default .NET limit of two concurrent connections is maintained if Okta fails to parse the value of this setting.
MaxRetryLimitSleep Related to circumstances when an agent is unable to reach Okta. The intervals during which disconnected agents are not polling Okta become progressively longer. When the agent is reconnected, polling resumes at the normal frequency. This setting specifies the duration of non-polling ("sleep") intervals. By default, this setting is set to the maximum setting of 1 hour in milliseconds (3600000).


The time in milliseconds to post a single delegated authentication result from an Okta AD agent to a server. If the post times out or is unsuccessful due to a RETRYABLE error, and the maximum retry count is not reached, the post is attempted again after a short delay. Subsequent attempts have the same interval in addition to the delay or sleep interval. The lowest value is 5000 or 5 seconds.


Defines the maximum allowable retries for posting scan data.

SslPinningEnabled When SSL pinning is enabled, the Okta AD Agent confirms that the SSL certificate presented by the Okta org matches one of the keys hard-coded in the agent. The default value for an Early Access (EA) version of the agent is True. The default value for a Generally Available (GA) version of the agent is False.