About group duplication in Microsoft Office 365
If your application also imports groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. from Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. (for example, Office 365 via DirSync), and provisioning is enabled in the appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in., you may have duplicate groups in Okta. This happens under the following conditions:
- You have two or more Active Directory forests. For example, forestA and forestZ.
- Microsoft DirSync is configured on forestA to synchronize all groups from the forest into an Office 365 (Azure AD) instance.
- Your Okta AD agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. is configured to import users and groups from both forestA and forestZ into an Okta orgThe Okta container that represents a real-world organization..
- Okta is configured for provisioning with users from forestZ to the same Office 365 tenant.
When you configure provisioning on the forestZ Office 365 app, it automatically imports groups from Office 365 into Okta. There are groups in Office 365 that are imported from forestA that already exist in Okta because of a sync from the forestA AD agent.Top