We are trying to leverage Workday as a master for some of our AD data, including manager. Per the documentation (http://saml-doc.okta.com/Provisioning_Docs/Workday_Provisioning#attributes), I am successfully populating the manager UPN into Okta, but it's not doing the 'translation' in AD as promised. I have confirmed the manager exists in AD and has a matching UPN to the one generated by Okta. Has anyone else experienced this?
Ok, Manager exists in AD, but do the AD agent have Delegated authenication on OU where manager exist? AD agent might not have permissions to view that manager in AD OU where manager exist. Grand AD agent permission to view users in the top OU in AD