Enable Okta-mastered user Organizational Unit updates

When an Okta-mastered user or a user mastered by a human resources application is added to an Okta group that provisions to Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. (AD), the matching AD user is automatically moved to the organizational unit (OUAn acronym of Organizational Unit. Organizational units are Active Directory containers into which you can place users, groups, computers, and other organizational units. It is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority.) to which the group provisions. Your organization can provision multiple groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. to AD and each of the groups can provision to a different OU. When a user belongs to multiple groups, group priority order determines which OU the user is added. The group priority order is respected when a user is added to a group, and the OU does not always change.

  1. On the Okta AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Console, click Directory > Directory Integrations
  2. Click an Active Directory (AD) instance.
  3. Click the Settings tab and scroll to Update User Attributes.
  4. Select Update OU when the group that provisions a user to AD changes.