Does AD Delegated Auth have to be enabled for imports from AD? If we were to turn it off, would the AD mastered accounts in Okta have a password to login to the dashboard?
My hope is that we could import AD users with delegated auth off and that those users will never have a password to be able to login via the login/default URL. The users would then only be able to SSO to applications via SP or IDP links and the authentication is being provided by a seperate IDP that is already set up.
Thank you for the response. The point here is that we don't need our users to login to Okta to see the dashboard. Only to be able to SAML SSO into applications via IDP or SP URLs. Would not having an Okta password prevent that? As long as the other IDP is the source of authentication for all SSO connetions.