Okta Active Directory agent variable definitions

This table lists the appSettings in the Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. (AD) agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. configuration file:
C:\Program Files (x86)\Okta\Okta AD Agent\OktaAgentService.exe.config

This information is provided for reference only. These settings should not be modified.

Variable Description
BaseOktaURI URL for the orgThe Okta container that represents a real-world organization.
AgentToken Encrypted value for the API token that the agent uses for calling Okta
AgentId Unique identifier for the agent, generated during installation
AgentName Human readable ID for the agent. By default, this is the hostname of the domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). controller on which the agent is installed. Changes to the value are reflected in the Okta AD Agent Manager but not in Okta
AppId Unique identifier for the directory to which this agent belongs. The AppId forms part of the URL when you are on the directory integrations page for this instance. For example:

https://acme.okta.com/adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page./appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in./active_directory/instance/0oa5c6b3zzMBmPCoH0h7

ProxyURL The url:port for the proxy used by this agent, if any. If no value is given for this setting, then a proxy is not being used. Likewise, if there is a value that cannot be resolved as a valid URL, no value is given for this setting
ProxyUsername If the proxy requires authentication, the username is used. By default, no value is given for this setting (none required)
ProxyPassword If the proxy requires authentication, the encrypted value for the password is used. By default, no value is given for this setting(none required)
PollingThreads The number of concurrent polling requests (between 1 and 10) running between the agent and Okta. A number outside this range sets the number of threads at the minimum or maximum (whichever boundary is exceeded). The default value is 2
VerboseLogging The value is either True or False. True ensures that the log contains more information (mostly in the user provisioning flow). The default value is False
ConnectionLimit The value for system.net.servicepointmanager.defaultconnectionlimit. The default .NET limit of two concurrent connections is maintained if Okta fails to parse the value of this setting.
MaxRetryLimitSleep Related to circumstances when an agent is unable to reach Okta. The intervals during which disconnected agents are not polling Okta become progressively longer. When the agent is reconnected, polling resumes at the normal frequency. This setting specifies the duration of non-polling ("sleep") intervals. By default, this setting is set to the maximum setting of 1 hour in milliseconds (3600000).
SslPinningEnabled When SSL pinning is enabled, the AD agent confirms that the SSL certificate presented by the Okta org matches one of the keys hard-coded in the agent. The default is True.
Top