Password synchronization use cases

The following table describes password synchronization use cases and the settings and components required for implementation.


Use Case
Enable DelAuth in Okta AD Settings?
Install Password Sync Agent? †
Enable Sync Password in Okta AD Settings?
Enable Sync Password in App? ‡
Allow users to use their AD credentials to sign in to Okta and optionally push AD passwords to provisioning-enabled apps Yes No No

Yes

Allow users to use Desktop Single Sign-on (DSSO) to access Okta or push AD passwords to provisioning-enabled apps Yes Yes No Yes
Sync an Okta user's password to an AD user profile No No Yes No
Sync Okta passwords to AD and push passwords to provisioning-enabled apps No No Yes Yes

In this use case, the Okta Password Sync agent must always be installed and configured on all domain controllers in each domain in your forest, and the Okta username format must be either User Principal Name (UPN) or Security Account Manager (SAM) name.

This option is available only in the provisioning settings of eligible Secure Web Authentication (SWA) apps.