About Active Directory Security Group Imports Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
About Active Directory Security Group Imports
Published: Jan 12, 2015   -   Updated: Jun 22, 2018

Okta’s Active Directory (AD) agent supports AD provisioning by security groups. When you import users, all groups within selected operational units (OU) will be imported automatically. Groups imported into Okta are flattened, so all members are listed as direct members rather than in a hierarchy. As such, each group that a person is a member of in AD, whether directly or from a parent, is listed as a direct parent in the Okta user interface.

After you have imported them, you can use your AD security groups like any other group in Okta, including using them for application assignments and multifactor authentication policies. 

Here is a list of attributes that are extracted when AD security groups are imported into Okta: 

  • isDeleted
  • objectGUID
  • ou
  • distinguishedName
  • member
  • memberOf
  • name
  • description