Okta Org2Org supported features

This table lists the features and functionality available with a Okta Org2Org integration.

  • Users can't be sourced by Org2Org and AD at the same time.
  • Push password updates don't apply to users with a provider type of Federated.
  • The Org2Org integration isn't available in Okta Developer Edition orgs. If you need to test this feature in your Developer Edition org, contact your Okta account team.

Feature

Description

Import new users

Users created in the connected org can be imported into Okta.

Import profile updates

Updates made to a user's profile in the connected org are downloaded and applied to the Okta user profile.

Import user schema

Imports more user attributes from the connected org. Also known as schema discovery.

Push new users

Users created in Okta are also created in the connected org.

Push password updates

User password updates made in Okta are pushed to the connected org.

Doesn't apply to federated users (for example, users from an external IdP in the source org or users provisioned through JIT).

Push profile updates

Updates made to the Okta user profile are pushed to the connected org.

Push User Deactivation

Deactivating a user or disabling application access in Okta removes all user data and the user account in the connected org. When a user is suspended, their data isn't removed and they can't access the application.

Reactivate users

User accounts can be reactivated in the connected org.

When a user account is suspended in the downstream Org (Hub), and deactivated in the upstream Org (Spoke), a reactivate user action in the Spoke will result in user being reactivated in both Spoke and Hub.

Push groups

Groups and their members can be pushed to the connected org. See Group Push.

Profile sourcing

Makes the connected org the profile source.