Can Okta continue to update Users AD passwords, if we enable the AD group Policy stating Users cannot update their own passwords? Skip to main content
https://support.okta.com/help/answers?id=906f0000000i0j5iak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Nicholas RodriguesNicholas Rodrigues 

Can Okta continue to update Users AD passwords, if we enable the AD group Policy stating Users cannot update their own passwords?

We are worried about Mac Users updating their AD passwords by updating their Mac user accounts (Mac version of Cntrl-Alt-Del).  We were thinking if we set AD to not allow Users to change their passwords, this would address the issue.  But we need to ensure Okta will still be able to update the Users passwords.
Drew PadorDrew Pador (Okta, Inc.)
Hello Nicholas,

Unfortunately the Active Directory setting on the user account will take precedence over Okta's Delegated Authentication settings. The ability for users to change their AD password from Okta relies on the users AD permissions, so when a user authenticates with their AD credentials to Okta, their permissions from AD will be enforced.