yamini pothireddy

Add OKTA user to active directory group

We have a requirement to implement a zero-manual-provisioning employee onboarding and offboarding process from HR to Okta to AD.

I have integrated our corporate Active Directory with Okta and imported all users and groups into OKTA. Now users created from my HR application in OKTA have to be added to the Active Directory group which I imported earlier, so that users can be created in AD and assigned to the group. I looked into it and was not able to add users to AD groups, and I also tried to create a rule with an Active Directory group. It seems we can only use OKTA groups while creating the rules.

Can we add OKTA users to an Active Directory group? If so, how?
James Flores (Okta, Inc.)
Hi Yamini,

You can provision Okta users to AD. You'll need to enable the Create Users option in your AD settings, then:

1. Create an Okta group used for provisioning
2. Select that group and go to the Directories section
3. Add your Active Directory, selecting the OU in your AD environment

When you add a user to this group they will be provisioned in AD. 
yamini pothireddy
Thanks for the quick response. I am aware of this option to provision users to Active Directory by enabling Create Users in the AD settings and adding AD to an OKTA group to provision users. Actually, I am trying to add the user to Active Directory groups which are in OKTA. I was not able to add them.

James Flores (Okta, Inc.)
Are you trying to add them to AD groups that they are not provisioned to? If so, it sounds like you are looking to do Push Groups to AD. Groups you add to the Group Push section of the AD settings are pushed into AD, so member changes in Okta show up in AD. It's a feature some apps, such as Box, O365, etc., have. Take a look at this article on Push Groups and tell me if that is what you are trying to do with AD.
Clayton Brady
Hi, I am having the same issue. It looks like push groups are not supported to Active Directory because AD is not added as an "app" but instead as a directory.
We can use AD as the source of truth and flow the groups into Okta, but we cannot manage the members through Okta.

Do you have a solution where we can manage AD group membership in Okta? Or at least flow an Okta group and members to AD?

Keith Kelly
I'm also very interested in this. Would be super helpful to be able to add people to distribution lists and such via Okta attributes such as location.
Jonathan Angliss
I spent a good few hours trying to figure this out myself. It turns out that the "Group Push" feature to AD is an Early Access feature, which is why you don't see it in the directory settings, but they talk about it in the documentation. Contact support, and they can have it enabled. Hope it helps somebody else that is looking for it.
Admin Ketan Solanki
Hi, has anyone else tried Group Push for AD? Does it enable Okta to manage group memberships in Active Directory? Like adding users to a DL in AD from Okta.