Register multiple domains to an Okta Active Directory agent

You can register multiple domains to a single Okta Active Directory (AD) agent. These domains must be in the same forest.

To add more domains to the Okta AD agent, ensure that the domains have an external trust and that the domain service account has sufficient privileges in all domains.

Each domain that you add to an AD agent relies on that agent to connect to Okta. When an agent is deactivated or deleted, all of its associated domains stop connecting to Okta. To guard against accidental deletion or deactivation, install two or more Okta AD agents on separate servers in each registered domain.

Uninstalling an agent disconnects all associated domains from Okta. For version 3.18.0 or later, any domains that you added using this process are removed when the agent is uninstalled.

  1. On the server running the Okta AD agent, select Start > All Programs > Okta > Okta AD Agent > Okta AD Agent Manager.
  2. Select Domains.
  3. In the dropdown menu, select a domain and then click Register. Alternatively, type the domain name in the field, and then click Register.

A message appears stating that your new domain has been registered and you're prompted to restart the agent.

  4. Optional. Register more domains.
  5. Restart the Okta AD agent.