Active Directory integration: DMZ server ports

If you installed the AD agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. on a DMZ server, you must open the following ports:

In addition, you must open your DCOM RPC ports. In addition to TCP 135, Microsoft RPC (MS-RPC) uses randomly generated ports from TCP 49152-65535 for Vista/2008 and above. These ports are also known as "random RPC ports." RPC clients use the RPC Endpoint Mapper (EPM) which runs on TCP135 to tell them which dynamic ports were assigned to the server.

For detailed information on configuring your ports on a DMZ server, see the Microsoft Support page. For more information on the required network ports, refer to Service overview and network port requirements for Windows. For more information on random RPC ports, refer to How to configure RPC dynamic port allocation to work with firewalls.