Hey Okta Community,
We are using Active Directory as a master. When we manually disable an AD account, the Okta AD sync tool kicks in and that Okta user account is disabled as expected. Downstream apps are deprovisioned and access is revoked.
However, when an AD account expires on a date specified in the user's AD properties, the Okta account remains active and the user can still log in and access all downstream apps.
An AD import does not help.
We have several contractors and we need to confirm that their Okta access is revoked on the same date that their AD accounts expire.
Is there way to let Okta know that Disabled Accounts = Expired Accounts?
Thanks in advance,