When scheduled imports are enabled for AD integration, are imported users automatically activated? Skip to main content
https://support.okta.com/help/answers?id=9062a000000dfuhqaw&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Admin RegAdmin Reg 

When scheduled imports are enabled for AD integration, are imported users automatically activated?

When scheduled imports are enabled for AD integration, are newly imported users automatically activated?

That is, a new user account is created in AD, Okta is set to import every hour. An hour passes, the user is imported from the synced OU. Is that user activated automatically or does an admin need to confirm and activate the user?
Best Answer chosen by Dylann Fezeu (Customer First Programs)
Alex GeorgescuAlex Georgescu (Vendor Management)
Allow me to correct an above link (copied the same one) : 

https://support.okta.com/help/Documentation/Knowledge_Article/28594326-Choosing-an-Incremental-or-Full-Active-Directory-Import

this is the correct one for "Choosing an Incremental or Full Active Directory Import" .

Have a great weekend ahead.

All Answers

Alex GeorgescuAlex Georgescu (Vendor Management)

Hello Reg

The short answer for this case is "Yes", if you have "Auto-activate new users" from the Settings page of your Active Directory tab (when accessing Okta dashboard - Directory - Directory integrations) 

But the long , more detailed answer is "Depends". 
- for example I'd need to have all 4 mandatory attributes correctly defined when creating new users. First Name, Last Name, Username (in an e-mail format) and primary e-mail. 
- in the same Setting tab of your AD in Okta, take a look at the three radio bullets options under Match Settings as these will determine how an user is imported if it's an exact match and if you would allow also partial matches
- just below in the Confirmation Settings  you can choose how to auto-confirm or auto-configure users, depending on your internal desired configuration or org policy.

For example , in the scenario where I created a user in AD, set his 4 attributes and checked only on "password never expires",
IF I have configured my AD to have delegated authentication ( if you want Active Directory to authenticate your users when they sign into Okta. A user's Okta credentials are the same as their Active Directory credentials when delegated authentication is on).
AND IF  I have back in my Okta org the "Match settings - imported users is an exact match to okta if - Okta username format matches " , down below I also allow partial matches by first and last name , and further on I have checked on "New users- Auto-confirm new users and Auto-activate new users",
THEN in my next import (be it incremental or full), this new user will apear as "Active" and he can go ahead and log on.

Furthermore, if you choose not to schedule imports and leave the Just in Time provisioning enabled, your users will be automatically created and updated at sign-on, and also any time you as an Admin check their profile pages from your own Okta instance (automated process in the background).
Note : If you are using JIT provisioning with AD users, they must be imported first. After you enable JIT, import user accounts from AD. The import process defines the set of AD accounts that can be used to create Okta accounts (whether via JIT or the confirmation process).

More links to help you out : 
https://support.okta.com/help/Documentation/Knowledge_Article/Install-and-Configure-the-Okta-Active-Directory-Agent-1597766701   [scroll down to "Schedule Import"]

Importing people : 
https://support.okta.com/help/Documentation/Knowledge_Article/Importing-People-586580093

Choosing an Incremental or Full Active Directory Import
https://support.okta.com/help/Documentation/Knowledge_Article/Importing-People-586580093

I hope I answered your quetion and covered most related topics. 
Let us know if you require further help or should you encounter any issues, feel free to open a case ticket with us and we'll be ready to assist you. 

Alex.

Alex GeorgescuAlex Georgescu (Vendor Management)
Allow me to correct an above link (copied the same one) : 

https://support.okta.com/help/Documentation/Knowledge_Article/28594326-Choosing-an-Incremental-or-Full-Active-Directory-Import

this is the correct one for "Choosing an Incremental or Full Active Directory Import" .

Have a great weekend ahead.
This was selected as the best answer
Dylann FezeuDylann Fezeu (Customer First Programs)
If you receive a great answer to your question, please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer." 

Thank you,
OHC Team