AD Delegated Authentication Skip to main content
https://support.okta.com/help/answers?id=9062a000000xabfqak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Keith Register (Admin)Keith Register (Admin) 

AD Delegated Authentication

Hello,

Does AD Delegated Auth have to be enabled for imports from AD? If we were to turn it off, would the AD mastered accounts in Okta have a password to login to the dashboard? 

My hope is that we could import AD users with delegated auth off and that those users will never have a password to be able to login via the login/default URL. The users would then only be able to SSO to applications via SP or IDP links and the authentication is being provided by a seperate IDP that is already set up.


 
Alexandru BusuiocAlexandru Busuioc (Okta, Inc.)
Hello thank you for posting this question on our community page.
If you turn Delegated authentication off you will have this pop up window: 
User-added image
So, the answer is no. 
Keith Register (Admin)Keith Register (Admin)
Alex,

Thank you for the response. The point here is that we don't need our users to login to Okta to see the dashboard. Only to be able to SAML SSO into applications via IDP or SP URLs. Would not having an Okta password prevent that? As long as the other IDP is the source of authentication for all SSO connetions. 

Thanks,
Keith