Question about OKTA (Active Directory) password reset/change integration with Sophos Safeguard product
Our company uses the Sophos Safeguard product line for whole disk encryption on our corporate Windows workstations and laptops (Windows 7). This whole disk encryption system holds and issues user certificates (within itself) whenever a user password is changed using the standard password reset feature available on domain-joined computers (press Ctrl+Alt+Del, select change password). At present it is vital that local and remote users only change their password while connected to the corporate network.
If they fail to do this (change password using standard tool while connected to LAN/VPN)... the Sophos system requires manual intervention to realign user encryption certificates with the AD user account.
At present using OKTA to change AD mastered account passwords "breaks" Sophos certificates as well. At least in the default configuration.
Is there a setting, or integration available, that will enable us to use the OKTA AD mastered account password recovery/reset features... and NOT break Sophos at the same time?
This sounds like a question best answered with the help of Sophos. The current integration (AD reset via Okta) utilizes the Okta AD agent installed on your local server to update/reset passwords. It sounds like in order for Sophos to work the password reset must be initiated from the local computer rather than via a third party AD agent. A good question for Sophos would be, "Is it possible for Sophos to complete its cert updates based on a password update event on the server rather than from the user's computer?"