Password synchronization

Password synchronization helps you coordinate and manage user passwords and makes sure a user's Active Directory (AD) password and their Okta password always match. With password synchronization, your users use a single password to access applications and devices.

You can synchronize passwords from Okta to AD or from AD to Okta. The password synchronization method you choose depends on which directory you currently use to authenticate and provision users. To synchronize passwords from Okta to AD, you enable Sync Password on the Okta Admin Console Provisioning page. To synchronize passwords from AD to Okta, you install the Okta Password Sync agent on all integrated domain controllers in your domain.

You can't synchronize passwords from one AD domain and push passwords to a different AD domain from a single Okta org. For example, you can't pull users from multiple departmental or subsidiary ADs and push them to a central or application-specific AD.



| Use cases | What's required to get password sync working |
| --- | --- |
| Okta to AD | Sync passwords from Okta to AD |
| AD to Okta | Sync passwords from AD to Okta |
| Okta to apps | Sync passwords to applications |
| Troubleshoot | Troubleshoot password sync issues |
