Install multiple Okta Active Directory agents

To provide high availability and failover protection, Okta recommends that you install two or more Okta Active Directory (AD) Agents on separate servers in each domain.

If an Okta AD agent stops running or loses network connectivity, authentication requests automatically route to other Okta AD Agents.

To add multiple Okta AD agent to a domain, the installation process is identical to your first agent installation. If you created an Okta service account during the first Okta AD agent installation, you must provide your password during the second Okta AD agent installation.

Installing multiple agents in close geographical proximity to your users doesn't enhance performance. When you have multiple agents installed, the process randomly selects which agent it uses so user location isn't a factor. In addition, setting up large numbers of agents in this manner can cause problems when the system attempts to perform status checks on their performance.

Each agent connects to Okta independently. To communicate with an AD instance (for example, to authenticate a user), Okta selects an available agent and sends it a task to complete. If one of the agents becomes unavailable, it's automatically removed from the queue and not given additional tasks.

An Okta AD agent sends periodic messages to Okta. If Okta doesn't receive a message for 120 seconds, the Okta AD agent is marked as unavailable. After 30 days of inactivity, the API token assigned during the agent installation expires and you'll need to reinstall the agent.

The Okta AD agent relies on the underlying operating system for domain controller selection.

  1. On the host server, sign in to Okta with Super Admin permissions and click Admin to access the Okta Admin Console.
  2. In the Admin Console, go to DirectoryDirectory Integrations.
  3. Click Active Directory.
  4. Click the Agents tab and click Add Agent.
  5. Review the installation requirements, click Set Up Active Directory, and then click Download Agent.
  6. Run the installer. See Install the Okta Active Directory agent.

To check the status of the second agent, click Dashboard on the Okta Admin Console. A green circle next to the agent name indicates that the agent is connected and healthy.