Hi, I have two separate AD domains/forests in which there is a business need for the same person to exist in both domains for legacy application access. I have my Okta Master set up for 1. Workday 2. AD1 3. AD2. Is it possible to have AD1\User1 and AD2\User1 be "managed" by Workday and Okta such that when Okta/Workday updates the user and/or disables the user, user objects in both ADs are updated?
If the user is mastered by Workday in Okta, (1) you can assign the user to 2 groups that will be managed by the AD1 & AD2 groups respectively (*Provisioning Features: Create User and Update User Profile Attributes are enabled on both ADs). (2) You can also perform Push Groups on both groups that the user is a member of, downstream to AD1 and AD2 (make sure the groups' OUs are connected to Okta).
If you find yourself in trouble, please submit a support case to have these functions working for you.