To provide high availability and failover protection, installing two or more Okta Active Directory (AD) agents on separate servers in each domain is recommended. To add an additional Okta AD agent to a domain, the installation process is identical to your first agent installation. If you created an Okta service account during the first Okta AD agent installation, you are prompted to enter its password during the second Okta AD agent installation.
Installing multiple agents in close geographical proximity to your users does not enhance performance. When you have multiple agents installed, Okta selects the agent for each task at random, so user location is not a factor. In addition, setting up large numbers of agents in this manner can cause problems when the system attempts to perform status checks on them.
- On the host server, sign in to Okta with Super Admin permissions and click Admin to access the Okta Admin Console.
- Click Directory > Directory Integrations.
- Click Active Directory.
- Click the Settings tab and click Add Agent.
- Review the installation requirements, click Set Up Active Directory, and then click Download Agent.
- Run the installer. See Install and configure the Okta Active Directory agent.
Okta AD agent request handling
Each agent connects to Okta independently. To communicate with an AD instance (for example, to authenticate a user), Okta selects an available agent and sends it a task to complete. If one of the agents becomes unavailable, it is automatically removed from the queue and not given additional tasks.
Okta AD agents send periodic messages to Okta. If Okta does not receive a message from an agent for 120 seconds, that Okta AD agent is marked as unavailable. After 30 days of inactivity, the API token assigned during the agent installation expires and you need to reinstall the agent.
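The availability rules above, written out as a small PowerShell check. This is an added example, not Okta's own code: the 120-second heartbeat timeout and the 30-day token expiry come from the page, while the record shape (`Name`, `LastHeartbeat`), the function names and the sample agents are constructed for this illustration. It classifies each agent and then picks a task target the way the text describes, at random among available agents only.

```powershell
# Added example (not Okta's own code): model the agent-availability rules
# described above. Thresholds (120 s, 30 days) come from the page; the record
# shape, function names and sample data are constructed for this example.
function Get-OktaAdAgentStatus {
    param(
        [Parameter(Mandatory)] [object[]] $Agents,   # objects with Name and LastHeartbeat
        [datetime] $Now = (Get-Date)
    )
    foreach ($a in $Agents) {
        $silence = $Now - $a.LastHeartbeat
        $status = if ($silence.TotalDays -ge 30) { 'TokenExpired' }      # reinstall required
                  elseif ($silence.TotalSeconds -gt 120) { 'Unavailable' } # no task assignment
                  else { 'Available' }
        [pscustomobject]@{
            Name      = $a.Name
            SilentFor = [int]$silence.TotalSeconds
            Status    = $status
        }
    }
}

function Select-OktaAdAgent {
    param([Parameter(Mandatory)] [object[]] $StatusTable)
    $pool = @($StatusTable | Where-Object Status -eq 'Available')
    if ($pool.Count -eq 0) { throw 'No available Okta AD agent for this domain' }
    # Selection is random among the available agents; location is not considered.
    $pool | Get-Random
}

# Constructed sample: three agents in one domain with different last-heartbeat times.
$now    = Get-Date '2024-01-31T12:00:00Z'
$sample = @(
    [pscustomobject]@{ Name = 'agent-01'; LastHeartbeat = $now.AddSeconds(-45) },
    [pscustomobject]@{ Name = 'agent-02'; LastHeartbeat = $now.AddMinutes(-10) },
    [pscustomobject]@{ Name = 'agent-03'; LastHeartbeat = $now.AddDays(-31) }
)
$table = Get-OktaAdAgentStatus -Agents $sample -Now $now
$table | Format-Table -AutoSize
Select-OktaAdAgent -StatusTable $table   # only agent-01 is eligible in this sample
```

The point of the two thresholds is that they have different remedies: an agent silent for a few minutes recovers on its own once it reconnects, whereas an agent silent for 30 days has lost its API token and must be reinstalled, so a monitoring rule that only alerts on "unavailable" will miss the second case.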
Domain controller selection
The Okta AD agent relies on the underlying operating system for domain controller selection.
Change the Okta AD agent user
- Sign in to the server running the Okta AD agent.
- From the Start menu, type run, then type services.msc.
- Locate the Okta AD Agent Service.
- Right-click Okta AD Agent Service and select Properties.
- Select the Log On tab and change the account credentials.
- Restart the service.
- Sign in to the Okta Admin Console, click Dashboard, and confirm that the circle next to the agent name is green.
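The same change made from PowerShell instead of services.msc, as an added example that is not Okta's own code. It assumes it is run elevated on the agent host, that the service still carries the display name shown in the procedure (Okta AD Agent Service), and that the new account name and password are passed in as parameters; the account name in the comment is a placeholder.

```powershell
# Added example (not Okta's own code): change the log-on account of the Okta AD
# agent service from PowerShell. Assumes an elevated session on the agent host
# and the display name 'Okta AD Agent Service' shown in the procedure above.
param(
    [Parameter(Mandatory)] [string] $NewAccount,                       # placeholder form: 'CORP\svc-okta-agent'
    [Parameter(Mandatory)] [System.Security.SecureString] $NewPassword
)

$displayName = 'Okta AD Agent Service'

# Locate the service by its display name (the internal service name may differ).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName = '$displayName'"
if (-not $svc) { throw "Service '$displayName' not found on this host." }

# Win32_Service.Change takes the new StartName/StartPassword; the password must be
# passed in clear, so unwrap the SecureString and zero the buffer immediately after.
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword)
try {
    $plain  = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    $result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
        StartName     = $NewAccount
        StartPassword = $plain
    }
} finally {
    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    $plain = $null
}
if ($result.ReturnValue -ne 0) { throw "Change failed with return code $($result.ReturnValue)" }

# Restart so the service runs under the new account, then show who it logs on as.
Restart-Service -Name $svc.Name
Get-CimInstance -ClassName Win32_Service -Filter "Name = '$($svc.Name)'" |
    Select-Object Name, State, StartName
```

One caveat when scripting this: the services.msc Log On tab grants the chosen account the "Log on as a service" right automatically, while the WMI Change method does not. Grant that right to the new account first (for example through the local security policy or a GPO), or the restart in the last step fails. After the restart, confirm in the Okta Admin Console that the agent shows green, as the procedure's final step says.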