oktaproduction9ounvcxa
https://platform.cloud.coveo.com/rest/search
https://support.okta.com/help/s/global-search/%40uri
https://support.okta.com/help/services/apexrest/PublicSearchToken?site=help
Active Directory integration features
The following features support integration with Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management.
| Feature | Supported? | Description |
| Delegated AuthenticationAuthentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. Authentication methods and protocols include direct auth, delegated auth, SAML, SWA, WS-Fed, and OpenID Connect. | Yes | Ability to authenticate user credentials via AD for access into Okta. For more information, see Delegated Authentication. |
| JIT Authentication | Yes | Ability to authenticate user credentials via AD for access into Okta AND update group memberships and profile info before access. For more information, see Add and update end users with Just In Time Provisioning. |
| Instance-level Delegated Authentication | Yes | Ability to delegate authentication on a per AD-instance level to support more granular authentication scenarios. For more information, see Delegated Authentication and STEP 3: Configure Provisioning settings in Install and configure the Okta Active Directory (AD) agent. |
| Import from Directory | Yes | Ability to import user and group details from the directory into Okta. AD supports both full import (full data import) and incremental import (only import changes since last import). For more information, see STEP 2: Configure import and account settings in Install and configure the Okta Active Directory (AD) agent. |
| Import filter - OUAn acronym of Organizational Unit. Organizational units are Active Directory containers into which you can place users, groups, computers, and other organizational units. It is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority./container selection | Yes | Ability to filter users and groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. based by specifying an LDAPLightweight Directory Access Protocol (LDAP) is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services. filter and selecting OUs. For more information, see STEP 2: Configure import and account settings in Install and configure the Okta Active Directory (AD) agent. |
| Provision to Directory | Yes | Ability to provision user and group details down to AD. AD supports pushing users, password, and groups down to AD from Okta. For more information, STEP 3: Configure Provisioning settings in Install and configure the Okta Active Directory (AD) agent. |
| Self-Service PW Reset | Yes | Ability to reset AD password via Okta. For more information, see Manage users and Enable self-service registration. |
| PW Sync | Yes | Ability to sync AD and Okta password. Read this for more info: Using Sync Password |
| Password Policy | ||
| Minimum Length | Yes | See Security Policies for more info on these. |
| Complexity Requirements | Yes | See Security Policies for more info on these. |
| Common Password Check | Yes | See Security Policies for more info on these. |
| Enforce password history for last < X > passwords | Yes | See Security Policies for more info on these. |
| Password expires after < X > days | Yes | See Security Policies for more info on these. |
| Prompt user < X > days before password expires | Yes | See Security Policies for more info on these. |
| Lock out user after < X > unsuccessful attempts | Yes | See Security Policies for more info on these. |
| Lock out user after < X number of > minutes | Yes | See Security Policies for more info on these. |
| Show lock out failures | Yes | See Security Policies for more info on these. |
| Send lock out email to user | Yes | See Security Policies for more info on these. |
| Password Soft Lock | Yes | Ability to lock the Okta account of AD-mastered users via password policies, without triggering a lock of the user's AD account. For more info, refer to: How does the password policy soft-lock functionality work. |
| Password Reset | ||
| Self-service recovery options: Email | Yes | Ability to reset the password through email. For more information, see Enable self-service registration. |
| Self-service recovery options: SMS | Yes | Ability to reset the password through text message. For more information, see Enable self-service registration. |
| Self-service recovery options: Voice Call | Yes | Ability to reset the password through a code sent through voice call. Ability to reset the password through a code sent through a voice call. For more information, see Enable Voice Call for password resets in Manage users and Enable self-service registration. |
| Reset, Unlock recovery emails are valid for < X > minutes | Yes | Ability to configure how long recovery email tokens are valid for. For more information, see Enable self-service registration. |
| Additional self-service recovery option: Secret questions | Yes | Ability to reset the password through security questions. For more information, see Enable self-service registration. |
| Infrastructure | ||
| Multiple agent polling threads | Yes | Ability to increase polling threads on the agent. Increases how many requests the agent can handle per second per thread. For more information, see Change the number of Okta Active Directory (AD) agent threads |