Filter AD group import within OU Skip to main content
https://support.okta.com/help/answers?id=9062a000000xam9qak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Niall McLoughlinNiall McLoughlin 

Filter AD group import within OU

Is there a function to filter AD groups during import from an OU ? The OU structure contains a significant amount of groups that will never form policy or assignment or applications in Okta, so I'd like to reduce the number of groups imported. LDAP provides an LDAP filter but I can't see another way to restrict AD groups other than at the OU level. Am I missing something ?
Best Answer chosen by Dylann Fezeu (Customer First Programs)
Emilian AldeaEmilian Aldea (Okta, Inc.)
Hey @Niall,
 Emilian here with Okta's Customer Support Team.
 Indeed, as Jim Mollé had said, we do have the same functionality for AD embodied in the Group Object Filters. This is an EA feature, therefore if you'd like us to enable it you'll need to open up a support ticket and / or communicate it to your Account Executive.

Best Regards,

Emilian Aldea
Technical Support Engineer
Okta Global Customer Care

All Answers

Jim MolléJim Mollé (Okta, Inc.)
Hi Niall,
In the AD Setting window, you can leverage the Group Filter option using the (objectCategory=group) field just below the tree structure option where you choose the OUs from which you want to import groups.
Dylann FezeuDylann Fezeu (Customer First Programs)
Hello,

Thanks for posting your inquiry in Okta Community Portal.

If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer." 

Thank you,

Dylann Fezeu
Okta Help Center Team
Emilian AldeaEmilian Aldea (Okta, Inc.)
Hey @Niall,
 Emilian here with Okta's Customer Support Team.
 Indeed, as Jim Mollé had said, we do have the same functionality for AD embodied in the Group Object Filters. This is an EA feature, therefore if you'd like us to enable it you'll need to open up a support ticket and / or communicate it to your Account Executive.

Best Regards,

Emilian Aldea
Technical Support Engineer
Okta Global Customer Care
This was selected as the best answer