Okta AD agent configuration variable definitions
This topic details the appSettings listed in the Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. (AD) agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. configuration file:
C:\Program Files (x86)\Okta\Okta AD Agent\OktaAgentService.exe.config
Warning: This information is provided for reference only. Except in rare cases (for example, to alter the number of threads the AD agent uses to poll the server for tasks), admins should not modify these settings.
Note: we strongly recommend disabling verbose logging when finished troubleshooting, as it can very quickly generate several large files
- BaseOktaURI - URL for the orgThe Okta container that represents a real-world organization..
- AgentToken - Encrypted value for the API token that the agent uses for calling Okta.
- AgentId - Unique identifier for the agent, generated during installation.
- AgentName - Human readable ID for the agent. By default, this is the hostname of the domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). controller on which the agent is installed. Changes to the value are reflected in the Okta AD Agent Manager but not in Okta.
- AppId - Unique identifier for the directory to which this agent belongs. The AppId forms part of the URL when you are on the directory integrations page for this instance. For example:
https://acme.okta.com/adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page./appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in./active_directory/instance/0oa5c6b3zzMBmPCoH0h7
- MaxRetryLimitSleep - The default maximum backoff time is 8 minutes.
- ProxyURL - The url:port for the proxy used by this agent, if any. If no value is given for this setting, then a proxy is not being used. Likewise, if there is a value that cannot be resolved as a valid URL, no value is given for this setting.
- ProxyUsername - If the proxy requires authentication, the username is used. By default, no value is given for this setting (none required).
- ProxyPassword - If the proxy requires authentication, the encrypted value for the password is used. By default, no value is given for this setting(none required).
- PollingThreads - The number of concurrent polling requests (between 1 and 10) running between the agent and Okta. A number outside this range sets the number of threads at the minimum or maximum (whichever boundary is exceeded). The default value is 2.
- VerboseLogging - The value is either True or False. True ensures that the log contains more information (mostly in the user provisioning flow). The default value is False.
- ConnectionLimit - The value for system.net.servicepointmanager.defaultconnectionlimit. This value must be higher than the number of agent polling threads. The default is 10. The default .NET limit of two concurrent connections is maintained if Okta fails to parse the value of this setting.
- MaxRetryLimitSleep - Related to circumstances when an agent is unable to reach Okta. The intervals during which disconnected agents are not polling Okta become progressively longer. When the agent is reconnected, polling resumes at the normal frequency. This setting specifies the duration of non-polling ("sleep") intervals. By default, this setting is set to the maximum setting of 1 hour in milliseconds (3600000).
- SslPinningEnabled - When SSL pinning is enabled, the AD agent confirms that the SSL certificate presented by the Okta org matches one of the keys hard-coded in the agent. The default is True.