What would be the best practice when unlocking user? Should I unlock user via OKTA or directly from AD? If locked out in okta, will I be lockout in AD as well? If AD account has been locked out, can I unlock it via OKTA? AD is the Profile Master in this scenario.
Users can't login still even after unlocking the account in OKTA.
User can be unlocked in AD via Okta . You will first have to add a Rule to your Active Directory password policy which allows for users to change their AD passwords in Okta. (Security > Authentication > Active Directory Password Policy > Add Rule) Once this is activated, then you can click a user's name from the People page and you should have the option of clicking the Reset Password button in the upper right of the user's page.