Does Okta cache AD credentials for Active Directory Mastered accounts? If so, how?
https://support.okta.com/help/answers?id=906f0000000qtgriak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
Rocky Reyes

Does Okta cache AD credentials for Active Directory Mastered accounts? If so, how?

Users have expressed concern over entering their AD credentials, which also provide VPN access to our internal infrastructure, into a web-based solution such as Okta.

How can I best explain to them the secure nature in which Okta handles the use of their AD credentials?
Raja Nejem (Okta, Inc.)
ALL communication between Okta and the customer is protected by TLS 1.2-capable services supporting Perfect Forward Secrecy (PFS). Okta supports PFS on all services, which creates a unique TLS session key, which means an attacker with Okta's private keys could not read previously captured traffic via sniffing or man-in-the-middle attacks.

We create a very secure hash of the username, password and a unique user ID. This is salted and hashed with SHA-256, in the same way Office 365 stores AD credential data. Note that we do not just store your AD hash.
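The two technical claims in the answer above (a salted SHA-256 over username, unique user ID and password, and "we do not just store your AD hash") can be made concrete. What follows is an added example, not Okta's code and not a description of Okta's actual construction: it derives a stored record the way the answer describes, verifies a login against it, and computes the NT hash that AD itself keeps so the two can be compared side by side. The field order, the length-prefixing of fields, the lower-casing of the AD username, the 16-byte random salt and the sample user ID `00uEXAMPLE0000000000` are all assumptions of the example. MD4 is implemented in pure Python so the comparison runs on hosts whose OpenSSL ships without the legacy MD4 provider.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

_M32 = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & _M32


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320). Used only to compute the NT hash for comparison."""
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    bit_len = len(data) * 8
    # Pad: 0x80, zeros up to 56 mod 64, then the 64-bit little-endian bit length.
    data += b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", bit_len)
    F = lambda x, y, z: (x & y) | (~x & _M32 & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    for off in range(0, len(data), 64):
        X = struct.unpack("<16I", data[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(16):  # round 1: message words in order
            a = _rotl((a + F(b, c, d) + X[i]) & _M32, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 2: words 0,4,8,12,1,5,9,13,...
            k = (i % 4) * 4 + i // 4
            a = _rotl((a + G(b, c, d) + X[k] + 0x5A827999) & _M32, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 3: words 0,8,4,12,2,10,6,14,...
            k = (0, 8, 4, 12)[i % 4] + (0, 2, 1, 3)[i // 4]
            a = _rotl((a + H(b, c, d) + X[k] + 0x6ED9EBA1) & _M32, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        a, b, c, d = (a + aa) & _M32, (b + bb) & _M32, (c + cc) & _M32, (d + dd) & _M32
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> str:
    """What AD stores and what pass-the-hash replays: MD4 of the UTF-16LE
    password, with no salt and no username bound in."""
    return md4(password.encode("utf-16-le")).hex()


def derive_stored_hash(username: str, password: str, user_id: str, salt: bytes) -> bytes:
    """Salted SHA-256 over username, unique user ID and password, following the
    description in the answer. Field order, length prefixes and the lower-casing
    of the AD username are assumptions of this example, not Okta's scheme."""
    h = hashlib.sha256()
    for field in (salt, username.lower().encode(), user_id.encode(), password.encode()):
        h.update(struct.pack(">I", len(field)) + field)  # length prefix removes boundary ambiguity
    return h.digest()


def enroll(username: str, password: str, user_id: str, salt: Optional[bytes] = None) -> dict:
    """Create the record a directory-backed login would be checked against."""
    salt = os.urandom(16) if salt is None else salt
    return {"salt": salt, "hash": derive_stored_hash(username, password, user_id, salt)}


def verify(record: dict, username: str, password: str, user_id: str) -> bool:
    """Constant-time comparison of a fresh derivation against the stored hash."""
    candidate = derive_stored_hash(username, password, user_id, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def compare_to_ad(username: str, password: str, user_id: str, salt: bytes) -> dict:
    """What a leaked record would give an attacker versus what AD holds."""
    record = enroll(username, password, user_id, salt)
    return {
        "nt_hash": nt_hash(password),
        "stored": record["hash"].hex(),
        "stored_equals_nt_hash": record["hash"].hex() == nt_hash(password),
        "stored_equals_bare_sha256": record["hash"] == hashlib.sha256(password.encode()).digest(),
    }


if __name__ == "__main__":
    # Constructed sample values; the user ID is made up for the example.
    for key, value in compare_to_ad("jdoe", "Winter2024!", "00uEXAMPLE0000000000", os.urandom(16)).items():
        print(f"{key}: {value}")
```

What the comparison shows: the stored value is neither the NT hash nor a bare SHA-256 of the password, so a leaked record cannot be replayed against AD the way a captured NT hash can, and it cannot be looked up in a table precomputed for all users; each record has to be attacked on its own with its salt and user ID. One caveat the answer does not address: a single SHA-256 is fast, so per-record guessing still runs at hardware speed. An iterated construction such as `hashlib.pbkdf2_hmac("sha256", ...)` with a high iteration count raises that cost considerably; the example keeps plain SHA-256 only to mirror the description.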
Rocky Reyes
Thank you Raja!
Lazaros Kyrillidis
Hi Raja.

I had a couple of similar concerns from users, and it is something that is a concern for me as well. Is there a white paper or any form of documentation that we can have access to, so that we can have a more detailed view?
Rocky Reyes
Is anyone still using Cisco VPN that uses AD credentials only? (no RSA token or other factor)
Hugh Kelley
Raja, I agree with Lazaros; a whitepaper discussing DelAuth hashes would be appropriate.

This DelAuth data structure is also mentioned on this thread:
https://support.okta.com/help/answers?id=906F0000000HzndIAC