We have an requirement to implement zero manual provisioning employee on boarding and off boarding process from HR to Okta to AD.
I have integrated our corporate active directory with okta and import all users and group to OKTA. Now users created from my HR application in OKTA has to add to active directory group which i imported earlier . So that users can be created in AD and assign it to the group. I looked into it and could not able to add users to AD groups and also tried to create rule with Active directory group. Seems only we can use OKTA group while creating the rules.
Can we add OKTA users to Active directory group? If so how?
Thanks for the quick response. I am aware of this option to provision users to the Active directory by enble create users in AD settings and add AD to OKTA group to provision user. Actually i am trying to add the user to active directory group which are in OKTA. I could not able to add them.
Are you trying to add them to AD groups that they are not provisioned to? If so it sounds like you are looking to do Push Groups to AD. Groups you add to the Group Push section of the AD settings are pushed into AD so member changes in Okta show up in AD. It's a feature some apps, such as Box, O365 etc have. Take a look at this article on Push Groups and tell if that is what you are trying to do with AD.
Hi, I am having the same issue. It looks like push groups are not supported to active directory because AD is not added as an "app" but instead a directory. We can use AD as the source of truth and flow the groups into Okta but we cannot manage the members through Okta.
Do you have a solution where we can manage AD group membership in Okta? or at least flow a Okta group and members to AD?
I spent a good few hours trying to figure out this myself. It turns out that the "Group Push" feature to AD is an Early Access feature, which is why you don't see it in the directory settings, but they talk about it in the documentation. Contact support, and they can have it enabled. Hope it helps somebody else that is looking for it.