Oliver Timm

Okta to onPrem Directory Sync.

Hello hello, 

I would like to know how to set up Okta to sync passwords back to my onPrem Directory (AD)? I want Okta to be the place users can use at any time to change password, do a forgot password, or have an admin initiate a password reset. Then that change in password should be sync'd back to onPrem Active Directory.

Not all users will have access to a Windows machine to use native mechanisms for password management; we will be a predominantly Mac and Linux environment.

From what I read these are all supported by this model of sync.

"Okta to Directory

Okta can Sync Passwords from Okta to Active Directory. This is typically to support a use case where the administrator wants Okta to be the final Authentication resource but also has an Active Directory that supplies authentication to legacy resources which cannot be connected to Okta. By pushing the Okta password to Active Directory, the administrator can offer end users a consistent login experience for legacy resources, while enjoying the benefits of cloud based SSO for most resources. 

This can be triggered by
End user updating their Okta Password
End user recovering their Okta Passwords
Admin initiated Okta Password Reset

Delegated Authentication must be OFF to permit this behavior.
The Active Directory Agent needs additional permissions to write the new password to Active Directory. See this KB. 
The Password Sync Agent is not required for this functionality"
Jaypee Manansala (Okta)
Hi Oliver,

Thanks for posting your inquiries in Okta Community Portal.

You might need to see this article (see below) which will guide you regarding your implementation.
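
An added example, not part of the original posts or of Okta's documentation: one way to give the AD agent's service account the right to write new passwords, scoped to a single OU, and then confirm the delegation. The OU, account names and script layout are constructed placeholders; the full permission list Okta requires is in the KB the quoted text refers to, and only the AD "Reset Password" right is shown here.

```powershell
# Added example. Run as a domain admin on a machine with RSAT (ActiveDirectory module, dsacls).
Import-Module ActiveDirectory

# Constructed placeholders: substitute your own OU and agent service account.
$TargetOU  = 'OU=Staff,DC=corp,DC=example,DC=com'
$AgentSam  = 'svc-okta-ad-agent'
$AgentAcct = "CORP\$AgentSam"

# GUID of the AD extended right "Reset Password" (User-Force-Change-Password).
$ResetPwd = [guid]'00299570-246d-11d0-a768-00aa006e0529'

# Grant Reset Password on user objects below the OU only (/I:S = sub-objects),
# rather than adding the account to a privileged group.
dsacls $TargetOU /I:S /G "${AgentAcct}:CA;Reset Password;user"
if ($LASTEXITCODE -ne 0) { throw "dsacls failed for $TargetOU" }

# Verify: read the OU's ACL back and look for the exact ACE just added.
$ace = (Get-Acl -Path "AD:\$TargetOU").Access | Where-Object {
    $_.IdentityReference.Value -eq $AgentAcct -and
    $_.AccessControlType -eq 'Allow' -and
    $_.ObjectType -eq $ResetPwd -and
    ($_.ActiveDirectoryRights -band
        [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)
}
if (-not $ace) { throw "Reset Password ACE for $AgentAcct not found on $TargetOU" }

# Least-privilege check: the agent account should not also sit in an admin group
# (direct membership only; nested groups are not expanded here).
$privileged = Get-ADPrincipalGroupMembership -Identity $AgentSam |
    Where-Object { $_.Name -in 'Domain Admins', 'Enterprise Admins', 'Administrators' }
if ($privileged) {
    Write-Warning "$AgentAcct is a member of: $($privileged.Name -join ', ')"
}

"Delegation present on $TargetOU for $AgentAcct"
```

Users whose passwords Okta should push need to live under the delegated OU; accounts elsewhere in the directory stay outside the agent's reach.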