internal okta ad agent Skip to main content
https://support.okta.com/help/answers?id=9062a000000qua9qac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Ben EstevesBen Esteves 

internal okta ad agent

I want to install the okta AD agent on a non DMZ machien and just open up the needed ports to have the agent connected. When testing the AD agent on our DMZ, it worked fine, when installed on an internal server, it errors out almost instantly, because of not being able to reach OKTA, I presume? 

What are the needed ports that need to be opened and to what address? I don't want to open the ports the whole internet. 
Chris HancockChris Hancock (Okta, Inc.)
Hi Ben, 

In order for the AD agent to connect to Okta you will need to open port 443 for outbound traffic. This allows the agent to poll our services and then perform actions such as delegated authentication, imports and real time syncs. 
If you wish to configure this to, only, the okta services then please review our list of IP's found here: 

Okta Firewall Whitelisting:- https://support.okta.com/help/Documentation/Knowledge_Article/Configuring-Firewall-Whitelisting-89944588

Hope this information is helpful, if you still encounter issues with connecting the agent to Okta I would recommned opening a support ticket so we can provide more in depth troubleshooting. 

Thanks,