Prepare Active Directory for the integration

Before you begin your Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. (AD) integration, select the AD attributes that you want to synchronize with or your downstream applications and make sure that your organization is using those attributes for their intended purpose. If you are mapping the same data from two or more domains into one, make sure the data is consistent. If your domains share an attribute and it is used for different values, it can create a problem when the attribute is merged into Okta.

For example, a custom attribute "Attribute 1" is being used in DomainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). A to store users' employee badge numbers and on Domain B it is being used to store the last four digits of their corporate credit card. When Domain A and Domain B users are mapped into Okta, Attribute 1 is mapped as a single attribute in Okta. However, depending on the user being referenced, the attribute value refers to two different data types. To avoid a similar issue:

  • Make sure that the attribute values are consistent across different domains.
  • Create different attribute mappings between Okta and each of your ad domains. Okta recommends that you make your attribute values consistent at a later date.
  • Take advantage of Attribute Level Mastering.