I would like to know how to set up Okta to sync passwords back to my on-prem directory (AD). I want Okta to be the place users can use at any time to change their password, do a forgot-password flow, or have an admin initiate a password reset, and then have that password change synced back to on-prem Active Directory.
Not all users will have access to a Windows machine to use the native mechanisms for password management; we will be a predominantly Mac and Linux environment.
From what I read, these are all supported by this model of sync:
"Okta to Directory
Okta can Sync Passwords from Okta to Active Directory. This is typically to support a use case where the administrator wants Okta to be the final Authentication resource but also has an Active Directory that supplies authentication to legacy resources which cannot be connected to Okta. By pushing the Okta password to Active Directory, the administrator can offer end users a consistent login experience for legacy resources, while enjoying the benefits of cloud based SSO for most resources.
This can be triggered by:
- End user updating their Okta password
- End user recovering their Okta password
- Admin-initiated Okta password reset
Delegated Authentication must be OFF to permit this behavior. The Active Directory Agent needs additional permissions to write the new password to Active Directory. See this KB. The Password Sync Agent is not required for this functionality"
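The quoted passage says the AD Agent needs extra write permissions but defers the specifics to a KB article that is not reproduced here. Below is an added PowerShell check (my own example, not from the question above or from Okta's documentation) that a domain admin can run on a domain-joined box to confirm whether the agent's service account already holds the rights a password push to AD normally requires. It assumes the agent runs as `svc-okta-agent`, that synced users live under `OU=Users,DC=corp,DC=example`, and that the required rights are the "Reset Password" extended right plus write access to `pwdLastSet` and `lockoutTime`; treat that permission set as an assumption and confirm it against the KB referenced above before relying on it.

```powershell
# Added example: audit the Okta AD Agent service account's rights on the user OU.
# Assumptions (not taken from the post or from Okta docs):
#   - the agent runs as the account $AgentAccount
#   - synced users live under $TargetOU
#   - Okta-to-AD password push needs: Reset Password, Write pwdLastSet, Write lockoutTime
Import-Module ActiveDirectory

$AgentAccount = 'svc-okta-agent'                   # assumption: agent service account
$TargetOU     = 'OU=Users,DC=corp,DC=example'      # assumption: OU holding synced users

$agentSid = (Get-ADUser -Identity $AgentAccount).SID
$agentNt  = $agentSid.Translate([System.Security.Principal.NTAccount]).Value
$rootDse  = Get-ADRootDSE

# Resolve the GUIDs from this forest's schema instead of hard-coding them.
$extRightsPath = "CN=Extended-Rights,$($rootDse.configurationNamingContext)"
$resetPwdGuid  = [guid](Get-ADObject -SearchBase $extRightsPath `
    -LDAPFilter '(displayName=Reset Password)' -Properties rightsGuid).rightsGuid

$attrGuids = @{}
foreach ($attr in 'pwdLastSet', 'lockoutTime') {
    $obj = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
        -LDAPFilter "(lDAPDisplayName=$attr)" -Properties schemaIDGUID
    $attrGuids[$attr] = [guid]$obj.schemaIDGUID   # schemaIDGUID is stored as a byte array
}

# Only Allow ACEs for the agent account on the OU itself are inspected.
# Note: this does not check InheritedObjectType, so an ACE scoped to a class other
# than 'user' would still show as OK; inspect such ACEs by hand.
$acl       = Get-Acl -Path "AD:\$TargetOU"
$agentAces = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $agentNt -and $_.AccessControlType -eq 'Allow'
}

function Test-AgentRight {
    param($Aces, [System.DirectoryServices.ActiveDirectoryRights]$Right, [guid]$ObjectGuid)
    # A right is present if an ACE carries that bit and either names this GUID
    # or is a blanket grant (ObjectType = empty GUID, e.g. GenericAll on the OU).
    [bool]($Aces | Where-Object {
        ($_.ActiveDirectoryRights -band $Right) -and
        ($_.ObjectType -eq $ObjectGuid -or $_.ObjectType -eq [guid]::Empty)
    })
}

$rights = [System.DirectoryServices.ActiveDirectoryRights]
$results = [ordered]@{
    'Reset Password (extended right)' = Test-AgentRight $agentAces $rights::ExtendedRight $resetPwdGuid
    'Write pwdLastSet'                = Test-AgentRight $agentAces $rights::WriteProperty $attrGuids['pwdLastSet']
    'Write lockoutTime'               = Test-AgentRight $agentAces $rights::WriteProperty $attrGuids['lockoutTime']
}

"Rights held by $agentNt on $TargetOU"
$results.GetEnumerator() | ForEach-Object {
    '{0,-34} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}

# If anything is MISSING, a Domain Admin can add inheritable ACEs scoped to user
# objects under the OU with dsacls (/I:S = sub-objects only, CA = control access
# right, WP = write property). Shown as comments so the audit itself stays read-only:
#   dsacls "$TargetOU" /I:S /G "${agentNt}:CA;Reset Password;user"
#   dsacls "$TargetOU" /I:S /G "${agentNt}:WP;pwdLastSet;user"
#   dsacls "$TargetOU" /I:S /G "${agentNt}:WP;lockoutTime;user"
```

The script is read-only by design: the grant commands are left as comments so the audit can be run by someone with only read access to the directory, and the change is applied deliberately afterwards. Resolving the GUIDs from the schema rather than hard-coding them avoids silent false negatives in forests where the schema has been extended. Remember that, per the quoted passage, this permission work only matters once Delegated Authentication is turned off for the AD integration in Okta.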