Published: Jan 12, 2015   -   Updated: Jun 22, 2018

Okta’s Active Directory (AD) agent supports AD provisioning by security groups. When you import users, all groups within the selected organizational units (OUs) are imported automatically. Groups imported into Okta are flattened: all members are listed as direct members rather than in a hierarchy. As a result, each group that a person is a member of in AD, whether directly or through a parent group, is listed as a direct parent in the Okta user interface.

After you have imported them, you can use your AD security groups like any other group in Okta, including using them for application assignments and multifactor authentication policies. 

Here is a list of attributes that are extracted when AD security groups are imported into Okta: 

  • isDeleted
  • objectGUID
  • ou
  • distinguishedName
  • member
  • memberOf
  • name
  • description
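
The flattening described above matters when an imported group drives an application assignment or MFA policy, because users nested several levels down count as direct members. The following is an added example, not Okta's code or the agent's algorithm: it models flattening over constructed records keyed by `distinguishedName` with their `member` values, and reports who a group gains only through nesting. The DNs, the helper names, and the rule that any DN without a group record is a user are assumptions.

```python
def g(name):  # constructed group distinguishedName
    return f"CN={name},OU=Groups,DC=example,DC=com"

def u(name):  # constructed user distinguishedName
    return f"CN={name},OU=Users,DC=example,DC=com"

# Constructed records: group distinguishedName -> values of its `member` attribute.
SAMPLE_GROUPS = {
    g("All-Staff"): [g("Engineering"), u("alice")],
    g("Engineering"): [g("Prod-Admins"), u("bob")],
    g("Prod-Admins"): [u("carol")],
    g("Contractors"): [g("Vendors"), u("dave")],
    g("Vendors"): [g("Contractors"), u("erin")],  # circular nesting
}

def flatten(groups):
    """Return {group DN: set of user DNs} with nested membership expanded."""
    flat = {}
    for root in groups:
        users, seen, stack = set(), {root}, [root]
        while stack:
            for dn in groups[stack.pop()]:
                if dn not in groups:
                    users.add(dn)      # assumption: no group record means a user
                elif dn not in seen:   # visit each nested group once (cycle-safe)
                    seen.add(dn)
                    stack.append(dn)
        flat[root] = users
    return flat

def inherited_only(groups):
    """Users each flattened group gains only through nesting, not directly."""
    flat = flatten(groups)
    return {dn: flat[dn] - set(members) for dn, members in groups.items()}

def groups_for_user(groups, user_dn):
    """Every group that lists the user once membership is flattened."""
    flat = flatten(groups)
    return sorted(dn for dn, users in flat.items() if user_dn in users)

if __name__ == "__main__":
    for dn, extra in inherited_only(SAMPLE_GROUPS).items():
        names = sorted(x.split(",")[0] for x in extra)
        print(dn.split(",")[0], "gains via nesting:", names)
```

Reviewing the `inherited_only` output before attaching a policy to a group shows which users the policy reaches that the group's own `member` attribute does not list.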