Original Author: Ed Sawma, Sr. Product Marketing Manager, Okta
You may have heard we were working on this. I'm happy to say, that we now have a version in beta ready for customers to test out!
With this next round of Okta Office 365 Provisioning Enhancements, Okta can replace DirSync in many scenarios. Admins can now provision an extended user profile, as well as distribution groups, contacts, and resources such as conference rooms. See Okta Enhancements with Microsoft Office 365 Integration for more details.
This is a Beta feature, send an email to firstname.lastname@example.org to request it.
Many of our customers who use Okta today instead of ADFS have wanted to complete the picture and eliminate the need for DirSync (now evolved to Azure AD Connect) as well. We're happy to say, that now, in addition to not having to manage an ADFS deployment, we have the capability to bring a much more modern approach to user provisioning and sync.
We have been laser focused on Office 365. We already released our first round of enhancements to provisioning in Early Access. That gives you the ability to provision a rich user profile into Office 365, and it allows you to granularly configure admin roles and license assignments (users who should get a mailbox, or only get SharePoint Online, for example). Also, we just rolled out a new feature that lets you set up WS-Federation in Office 365 without ANY POWERSHELL COMMANDS! Okta runs the PowerShell commands on your behalf.
If you're following the evolution of DirSync, you might have seen that Microsoft just announced their new Azure AD Connect tool is GA. If you read through their blog post and some of the comments, you'll notice a few things:
- If you want true SSO, you still need ADFS
- Azure AD Connect will install multiple ADFS servers and proxies for you. You still have some things you need to configure manually for ADFS to work properly. And, you're still running a bunch of on-prem servers.
- Azure AD Connect still struggles with import matching. (Okta commonly handles scenarios where you have users already in the cloud, and need to match them up with your AD users)
- Microsoft also released a whole new application for monitoring ADFS. Shouldn't ADFS just always work?
DirSync or Azure AD Connect is not the most complex tool to set up. However, it has no way to configure high availability, and no way to scale. And, if you're moving to the cloud, why run another server on-prem when you don't have to?
If you want to be among the first to do away with DirSync, join our Office 365 Provisioning Enhancements beta by emailing email@example.com.