Avoid auto-creation and activation of Okta user upon successful AD user login
We have AD integration set up with delegated authentication enabled and JIT provisioning disabled. We would like our AD users to be granted Okta access in a controlled manner - so one should not be able to access Okta at all before our Okta admin first selects that user from the Imported User List under "Directory Integrations" to create a new Okta user for him/her. However, right now we realised that any AD user can get onboarded directly by simply logging in with AD username and password and then an Okta user will be auto-created and activated - we can't yet figure out a way to disable this. Could somebody please help advice how we can disable this auto Okta user creation? We thought it's related to the JIT Provisioning option but we already disabled it.
Please check if the Enable Just In Time Provisioning checkbox is selected on the menu under Settings > Customization > Just In Time Provisioning. Try disabling that and see if if stops auto activation.
Thanks. Tried it and it works. I didn't realise this setting, but thought JIT provisioning was already disabled after I unchecked Directory -> Directory Integrations -> Active Directory -> Settings -> JIT Provisioning "Create and update users on login". I guess this option actually means something else then?