Password synchronization use cases

The following table describes password synchronization use cases and the settings and components required for implementation.

Use Case
Enable DelAuth in Okta AD Settings?
Enable Sync Password in Okta AD Settings?
Allow users to use their AD credentials to sign in to Okta and optionally push AD passwords to provisioning-enabled apps Yes No No


Allow users to use Desktop Single Sign-on (DSSO) to access Okta and push AD passwords to provisioning-enabled apps Yes Yes No Yes
Sync an Okta user's password to an AD user profile No No Yes No
Sync Okta passwords to AD and push passwords to provisioning-enabled apps No No Yes Yes

In this use case, the Okta Password Sync agent must be installed and configured on all domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). controllers in each domain in your forest, and the Okta username format must be either User Principal Name (UPN) or Security Account Manager (SAM) name.

This option is available only in the provisioning settings of eligible Secure Web AuthenticationAuthentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. Authentication methods and protocols include direct auth, delegated auth, SAML, SWA, WS-Fed, and OpenID Connect. (SWAAn acronym for Secure Web Authentication. SWA is a SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign-in to a SWA app from their homepage, they see a pop-up message asking if they were able to sign-in successfully.) apps.