Update the Okta Active Directory agent

To make sure that you have the most current features and functionality and are getting optimum performance from your Okta AD agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations.(s), you should download and install the latest version of the Okta AD agent on your designated domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). server(s). If you have installed multiple Okta AD agents, make sure that they are all the same version. Running different versions within a domain can cause all agents in that domain to function at the level of the oldest agent. This does not affect other domains.

When you uninstall and reinstall your Okta AD agent, you must decide whether to remove the old Okta API token. If you are performing an upgrade, you are not required to remove the old token. To remove the API token, you must delete the Okta AD agent folder and then deactivate and delete your old agent.

Note: If you intend to continue using an Okta AD agent and want to avoid down time, you must have at least two agents running before you uninstall one of them. For more information, see Install multiple Okta Active Directory agents .

Update without uninstalling

You do not need to uninstall an Okta AD agent to update it. The agent installer automatically updates existing Okta AD agents.

Uninstall the Okta AD agent

  1. In Windows, select Start > Control Panel > Programs > Programs and Features.
  2. Select the Okta AD Agent, and then select Uninstall.
  3. To remove the agent configuration data from the hard drive, on the agent server, go to C:\Program Files (x86)\Okta and delete the Okta AD Agent folder. Deleting this folder removes the agent configuration data and the API token from your hard drive. The API token for the server remains valid in Okta, so it is important to remove the configuration data.
  4. To revoke the API token of an uninstalled agent:
    1. On the Okta AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Console, click Directory > Directory Integrations.
    2. Click Active Directory and select the Settings tab.
    3. Under Agent Monitors, click Deactivate agent and then click Deactivate Agent.
    4. Click Delete agent and then click Delete Agent.

Reinstall an Okta AD agent

Installing the Okta AD agent does not overwrite the configuration data in the Okta AD Agent folder. To reinstall and create a new API token, delete the Okta AD Agent folder before reinstalling the Okta AD agent.

  1. Install the Okta AD agent. See Install the Active Directory agent on the host server.
  2. Select Directory > Directory Integrations.
  3. Click Active Directory and the Settings tab.
  4. Confirm that your reinstalled Okta AD agent appears in the Agent Monitors section and it is connected to Okta. A minimum of one Okta AD agent should be online.
  5. Optional. To revoke the Okta API token of the old Okta AD agent:
    1. Under Agent Monitors,click Deactivate agent for the old Okta AD agent and then click Deactivate Age. Deactivating the agent revokes its API token.
    2. Click Delete agent and then click Delete Agent.