Okta AD agent installation and update recommendations
An Active Directory (AD) service account is required to install the Okta AD agent. It is important that the service account has permissions in all domains in that forest to read and access users in all domains to which the agent connects.
In general, Okta recommends you use the same AD service account to install all of your agents. This simplifies maintenance on the service account itself, such as password rotation, so that the agent isn't negatively impacted.
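One way to check the permission requirement before installing, as an added example (not Okta's own tooling): the PowerShell below confirms that the intended service account can query users in each domain of the forest. It assumes the ActiveDirectory module (RSAT) is installed and a domain controller is reachable; the function name Test-ForestUserRead is hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: pre-install check that a service account can read users
# in every domain of the forest. Test-ForestUserRead is a hypothetical name.

function Test-ForestUserRead {
    param(
        [Parameter(Mandatory)] [pscredential] $Credential,
        # Optional: a domain or DC in the target forest (default: current domain).
        [string] $Server
    )
    $forestArgs = @{ Credential = $Credential; ErrorAction = 'Stop' }
    if ($Server) { $forestArgs.Server = $Server }
    $forest = Get-ADForest @forestArgs

    foreach ($domain in $forest.Domains) {
        $row = [ordered]@{ Domain = $domain; CanReadUsers = $false; Detail = '' }
        try {
            # Reading a single user proves the account can bind and query this
            # domain. It does not prove access to every OU the agent will import.
            $query = @{
                Filter        = '*'
                ResultSetSize = 1
                Server        = $domain
                Credential    = $Credential
                ErrorAction   = 'Stop'
            }
            $user = Get-ADUser @query
            $row.CanReadUsers = [bool]$user
            $row.Detail = if ($user) { 'OK' } else { 'Bind succeeded, no users returned' }
        }
        catch {
            # Typical causes: access denied, missing trust, unreachable DC.
            $row.Detail = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

$cred   = Get-Credential -Message 'AD service account intended for the Okta AD agent'
$report = @(Test-ForestUserRead -Credential $cred)
$report | Format-Table -AutoSize

if ($report.CanReadUsers -contains $false) {
    Write-Warning 'The service account cannot read users in one or more domains.'
}
```

Run it from a domain-joined host that has network access to a domain controller in each domain.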
Planning for agent updates will depend on your current change management process. Treat an agent update the same as any standard server patch process. Update each agent one or two at a time, sequentially and consistently. Avoid taking all agents down at the same time.
Agent updates can be installed over existing agents. There is no need to uninstall the existing agent first. It is possible to uninstall the existing agent and install the updated agent version. However, this requires additional steps to ensure a complete and clean uninstall.
As with all updates and configuration changes, Okta recommends that you upgrade your Okta Preview environment first to ensure everything is working correctly before upgrading your Production environment.