Can Okta continue to update Users AD passwords, if we enable the AD group Policy stating Users cannot update their own passwords?
We are worried about Mac Users updating their AD passwords by updating their Mac user accounts (Mac version of Cntrl-Alt-Del). We were thinking if we set AD to not allow Users to change their passwords, this would address the issue. But we need to ensure Okta will still be able to update the Users passwords.
Unfortunately the Active Directory setting on the user account will take precedence over Okta's Delegated Authentication settings. The ability for users to change their AD password from Okta relies on the users AD permissions, so when a user authenticates with their AD credentials to Okta, their permissions from AD will be enforced.