Supported Active Directory integration features

This is where you'll find information about supported Active Directory (AD) integration features and functionality.

Data import and user authentication

This table lists the data import and user authentication features that are available with Active Directory integrations.

| Feature | Supported | Description |
| --- | --- | --- |
| Delegated Authentication | Yes | Ability to authenticate user credentials through AD for access into Okta. See Delegated authentication. |
| Just-In-Time (JIT) Authentication | Yes | Ability to authenticate user credentials through AD for access into Okta AND update group memberships and profile info before access. See Add and update users with Just-In-Time provisioning. |
| Instance-level Delegated Authentication | Yes | Ability to delegate authentication on a per AD-instance level to support more granular authentication scenarios. See Delegated authentication and Configure Active Directory provisioning settings. |
| Import from Directory | Yes | Ability to import user and group details from the directory into Okta. AD supports both full import (full data import) and incremental import (only import changes since last import). See Configure Active Directory import and account settings. |
| Import filter - OU/container selection | Yes | Ability to filter users and groups by specifying an LDAP filter and selecting OUs. See Configure Active Directory import and account settings. |
| Provision to Directory | Yes | Ability to provision user and group details down to AD. AD supports pushing users, password, and groups down to AD from Okta. See Configure Active Directory provisioning settings. |

Password policies

This table lists the password policies that are available with Active Directory integrations.

| Feature | Supported | Description |
| --- | --- | --- |
| Minimum Length | Yes | |
| Complexity Requirements | Yes | |
| Common Password Check | Yes | |
| Enforce password history for last < X > passwords | Yes | |
| Password expires after < X > days | Yes | |
| Prompt user < X > days before password expires | Yes | |
| Lock out user after < X > unsuccessful attempts | Yes | |
| Lock out user after < X number of > minutes | Yes | |
| Show lock out failures | Yes | |
| Send lock out email to user | Yes | |
| Password Soft Lock | Yes | Ability to lock the Okta account of AD-mastered users through password policies, without triggering a lock of the user's AD account. See How does the password policy soft-lock functionality work. |
| Self-Service Password Reset | Yes | Ability to reset AD password through Okta. See Manage users and About self-service registration. |
| Password Synchronization | Yes | Ability to sync AD and Okta password. See Synchronize passwords from Okta to Active Directory. |

© 2021 Okta, Inc All Rights Reserved. Various trademarks held by their respective owners.

Password reset

This table lists the password reset options that are available with Active Directory integrations.

| Feature | Supported | Description |
| --- | --- | --- |
| Self-service recovery options: Email | Yes | Ability to reset the password through email. See About self-service registration. |
| Self-service recovery options: SMS | Yes | Ability to reset the password through text message. See About self-service registration. |
| Self-service recovery options: Voice Call | Yes | Ability to reset the password through a code sent through a voice call. See Manage users and About self-service registration. |
| Reset, Unlock recovery emails are valid for < X > minutes | Yes | Ability to configure how long recovery email tokens are valid for. See About self-service registration. |
| Additional self-service recovery option: Secret questions | Yes | Ability to reset the password through security questions. See About self-service registration. |

Infrastructure

This table lists the infrastructure features that are available with Active Directory integrations.

| Feature | Supported | Description |
| --- | --- | --- |
| Multiple agent polling threads | Yes | Ability to increase polling threads on the agent. Increases how many requests the agent can handle per second per thread. See Change the number of Okta Active Directory agent threads. |