Supported Active Directory integration features
This is where you'll find information about supported Active Directory (AD) integration features and functionality.
This table lists the data import and user authentication features that are available with Active Directory integrations.
This table lists the password policies that are available with Active Directory integrations.

| Feature | Supported | Notes |
|---|---|---|
| Minimum Length | Yes | See Security Policies. |
| Complexity Requirements | Yes | See Security Policies. |
| Common Password Check | Yes | See Security Policies. |
| Enforce password history for last < X > passwords | Yes | See Security Policies. |
| Password expires after < X > days | Yes | See Security Policies. |
| Prompt user < X > days before password expires | Yes | See Security Policies. |
| Lock out user after < X > unsuccessful attempts | Yes | See Security Policies. |
| Lock out user after < X number of > minutes | Yes | See Security Policies. |
| Show lock out failures | Yes | See Security Policies. |
| Send lock out email to user | Yes | See Security Policies. |
| Password Soft Lock | Yes | Ability to lock the Okta account of AD-mastered users through password policies, without triggering a lock of the user's AD account. See How does the password policy soft-lock functionality work. |
| Self-Service Password Reset | Yes | Ability to reset the AD password through Okta. See Manage users and Enable self-service registration. |
| Password Synchronization | Yes | Ability to sync the AD and Okta passwords. See Synchronize passwords from Okta to Active Directory. |

This table lists the password reset options that are available with Active Directory integrations.

| Feature | Supported | Notes |
|---|---|---|
| Self-service recovery options: Email | Yes | Ability to reset the password through email. See Enable self-service registration. |
| Self-service recovery options: SMS | Yes | Ability to reset the password through text message. See Enable self-service registration. |
| Self-service recovery options: Voice Call | Yes | Ability to reset the password through a code sent through a voice call. See Manage users and Enable self-service registration. |
| Reset, Unlock recovery emails are valid for < X > minutes | Yes | Ability to configure how long recovery email tokens are valid for. See Enable self-service registration. |
| Additional self-service recovery option: Secret questions | Yes | Ability to reset the password through security questions. See Enable self-service registration. |

This table lists the infrastructure features that are available with Active Directory integrations.

| Feature | Supported | Notes |
|---|---|---|
| Multiple agent polling threads | Yes | Ability to increase polling threads on the agent. Increases how many requests the agent can handle per second per thread. See Change the number of Okta Active Directory agent threads. |