AD provisioning issue Skip to main content
https://support.okta.com/help/answers?id=906f0000000hznniac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Mukund PareekMukund Pareek 

AD provisioning issue

HI
I configured AD in Okta by going to Directories section. I installed the AD Agent (Although the documentation mentions latest version is 3.3.5, when I installed the downloaded version was 3.3.2) and configured it with AD domain. COnfiguration was successful and I waas able to sync users also from AD to Okta. But in the Settings section for the AD, I do not see any options for provisioning and also in the Applications, I do not see AD. Is there something I am missing to perform?
James SmithJames Smith
Hi,

Have you imported the users yet to match okta users?
Aaron YeeAaron Yee (Okta, Inc.)
Hi Mukund,

I assume you wish to import users from AD to Okta and then provision those users to SaaS apps. At a high level, you accomplish this via the following steps:
  • Import users and groups from AD to Okta (it sounds like you've completed this)
    • Set it up as a master, so that provisioning and deprovisioning events trigger from the "master source"
  • Configure provisioning from Okta to an app - see the Provisioning tab under an app
    • This will likely occur over APIs (if we've built the connector)
    • Setup an API account
    • Choose from the available provisioning options (create users, update upser attributes, deactivate users, sync Okta password, etc)
  • Assign user to the app
    • Choose between individual or group assignments
More details about provisioning:
https://support.okta.com/help/articles/Knowledge_Article/27716148-Provisioning-and-Deprovisioning-Overview

Aaron Yee, Technical Markting Mgr., Okta
Mukund PareekMukund Pareek
No. I want to provision to AD itself from Okta. As per the documentation, I see in the configuration of agent there are Create option which if enabled will allow Okta to create accounts in AD. Is my understanding correct?
Aaron YeeAaron Yee (Okta, Inc.)
You can certainly create acounts in AD from Okta. As you mentioned, enable the create option. This is how the feature works:
  • Create or use an existing group (Okta group, Workday groups, etc)
  • Place users in this group
  • Attach the group to an AD OU
    • Navigate to Directory > Groups
    • Select your group
    • Click Manage Directories
    • Click on your AD domain; this moves it to the right
    • Click Next, and select the AD OU in which you wish to provision users
  • Users in the group get created in the selected AD OU
Mukund PareekMukund Pareek
I am not seeing the Create option to be enabled when I am going to Settings section in AD configuration in Okta Directories Section.