Manage Active Directory users and groups
When you complete your Active Directory (AD) integration, you'll want to import and manage user and group data. Use these topics to learn how to import and manage user and group data.
The AD user profile schema requires both the first and last name. You can create an Okta mastered user without a first or last name, but you cannot import an AD user into Okta without a first and last name.
To deactivate user accounts temporarily, use the Suspend procedure. See Suspend or unsuspend users. If you set an AD-managed account into Password Reset status, the user can still access Okta Mobile by using PIN or FaceID authentication.
- Import Active Directory users on demand
- Schedule Active Directory user imports
- Add and update users with Just-In-Time provisioning
- Make first and last name optional in Active Directory
- Confirm imported Active Directory user assignments
- Import groups from Active Directory
- Push groups from Okta to Active Directory
- Enable universal security group support
- Configure enhanced group push for Active Directory organizational units
- Enable Okta-sourced user Organizational Unit updates
- View users and groups associated with an Active Directory instance
- Remove a group from Active Directory provisioning
- Disconnect users from Active Directory