Okta Active Directory (AD) agent

The Okta Active Directory (AD) agent enables you to integrate Okta with your on-premises Active Directory (AD). AD integration provides delegated authentication support (enabling users to sign in to Okta with their AD credentials), user provisioning (assigning users to apps), and de-provisioning (removing users from apps). To enable AD integration, you must install the Okta AD agent and import AD users and groups into Okta.

A software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations.

In Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users", we are generally referring to the people whom the administrators serve, that is, those who use Okta chiclets to access their apps but have no administrative control. Groups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups.

AD integrations in a newly-created organization automatically have the following default settings enabled:

There are two common AD scenarios, as illustrated by the diagrams below.