Active Directory integration implementation options
How you implement your Okta Active Directory (AD) integration depends on the size of your organization, your business requirements, and the scope of your deployment. There are two options:
- Proof of Concept (POC) or simple deployment — If you're doing a POC or a simple AD integration, you'll probably install a single Okta AD agent, import some users, and configure basic settings. You may not need high availability (HA) or disaster recovery (DR) options, and you may not need to think carefully about which attributes you import from your AD user profiles into Okta.
- Large scale enterprise deployment — For a large enterprise deployment, plan before installing the Okta AD agent and importing user data: decide which domains are in scope, how many agents to deploy and where (multiple AD agents across locations keep the integration available if one agent or site goes down), and which AD profile attributes to import into Okta.
You can adjust your configuration options and make changes as your implementation evolves. These topics can help you plan your implementation:
These diagrams illustrate the two most common AD integration scenarios.
AD single forest and single domain deployment
AD single forest and multiple domain deployment
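Before choosing between the two scenarios above, it helps to inventory the forest you are about to integrate. The following PowerShell is an added example, not part of Okta's documentation or tooling. It assumes the RSAT ActiveDirectory module on a domain-joined host whose account can read every domain in the forest, and it reports which of the two diagrammed scenarios applies, the enabled-user count per domain (the likely import scope), and which user attributes are actually populated in a sample of accounts, which is the input you need for attribute-mapping decisions.

```powershell
# Added example (not Okta's code). Assumes the RSAT ActiveDirectory module
# and a domain-joined account with read access to every domain in the forest.
Import-Module ActiveDirectory

$forest  = Get-ADForest
$domains = @($forest.Domains)

# Which of the two diagrammed scenarios applies?
$scenario = if ($domains.Count -eq 1) {
    'single forest, single domain'
} else {
    'single forest, multiple domains'
}
Write-Host "Forest $($forest.Name): $($domains.Count) domain(s) -> $scenario"

foreach ($domain in $domains) {
    # Locate a writable DC for this domain so each query is scoped correctly.
    $dc = (Get-ADDomainController -DomainName $domain -Discover).HostName |
          Select-Object -First 1

    # Count enabled users only; disabled accounts are usually excluded from the import scope.
    $enabledUsers = Get-ADUser -Server $dc -Filter 'Enabled -eq $true'
    $ouCount      = (Get-ADOrganizationalUnit -Server $dc -Filter * | Measure-Object).Count

    [pscustomobject]@{
        Domain       = $domain
        QueriedDC    = $dc
        EnabledUsers = ($enabledUsers | Measure-Object).Count
        OUs          = $ouCount
    }

    # Sample 50 enabled users and list which attributes are actually populated.
    # Attributes that are empty across the sample are poor candidates for import.
    $sample = $enabledUsers | Select-Object -First 50 |
              ForEach-Object { Get-ADUser -Server $dc -Identity $_.DistinguishedName -Properties * }

    $populated = $sample |
        ForEach-Object {
            $_.PSObject.Properties |
                Where-Object { $null -ne $_.Value -and "$($_.Value)" -ne '' } |
                Select-Object -ExpandProperty Name
        } |
        Group-Object |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'Attribute'; e = { $_.Name } },
                      @{ n = 'PopulatedIn'; e = { "$($_.Count)/$($sample.Count)" } }

    Write-Host "Populated attributes in $domain (sample of $($sample.Count) users):"
    $populated | Format-Table -AutoSize
}
```

Run it once per forest during planning. A count of one domain means the single-domain diagram applies; more than one means you need to decide per domain whether it is in scope and which agent will serve it. The populated-attribute table is only a sample, so confirm any attribute you intend to map against the authoritative HR or directory data before importing it into Okta.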